InseeFrLab / onyxia

🔬 Data science environment for k8s

Home Page: https://onyxia.sh


Add a way to provide a certificate authority for kubectl configuration

micedre opened this issue · comments

When configuring the external API server for Kubernetes in Onyxia, the configuration script uses the flag --insecure-skip-tls-verify=true:

kubectl config set-cluster api \
  --server=https://api \
  --insecure-skip-tls-verify=true

We would like to be able to provide a certificate in the Onyxia configuration so that this flag is not needed. For instance:

"k8sPublicEndpoint":
  {
    "URL": "https://api.kube.groupe-genes.fr",
    "certificateAuthority": "LS0tLS1CRUdJTiBDRVJUS...",
    "oidcConfiguration":
      {
        "issuerURI": "https://auth.groupe-genes.fr/realms/genes",
        "clientID": "onyxia"
      }
  },

would give:

kubectl config set-cluster api \
  --server=https://api \
  --certificate-authority=LS0tLS1CRUdJTiBDRVJUS...

@micedre
In the documentation, --certificate-authority seems to refer to a path.

You're right, but there is still a way to do it, it seems, by adding a command to the list:

kubectl config set clusters.api.certificate-authority-data LStFDSglfskm....

So this is for the script provided here only?

Yes, where would you want to use it?

That script:

kubectl config set-cluster api...fr  \
  --server=https://api...fr  \
  --insecure-skip-tls-verify=true

kubectl config set-credentials user \
  --auth-provider=oidc  \
[...]
kubectl config use-context api...fr 

would become:

kubectl config set-cluster api...fr \
  --server=https://api...fr

kubectl config set clusters.api.certificate-authority-data LStFDSglfskm....

kubectl config set-credentials user \
  --auth-provider=oidc  \
[...]
kubectl config use-context api...fr 

Just to confirm, @micedre
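
An added example, not part of the thread and not Onyxia's own code: one way a script generator could turn the k8sPublicEndpoint object proposed above into the kubectl commands discussed, writing certificate-authority-data only after checking that the value is strict base64 of a PEM certificate. The function names, the clusterName parameter and the sample CA are assumptions made for this example.

```javascript
// Added example (not Onyxia code). "certificateAuthority" is the field proposed
// in the issue: a base64-encoded PEM CA certificate.
const B64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
const PEM_RE = /^-----BEGIN CERTIFICATE-----\r?\n[\s\S]+?\r?\n-----END CERTIFICATE-----\s*$/;

// Single-quote a value for POSIX shells so it is passed as one literal word.
const shQuote = (s) => "'" + String(s).replace(/'/g, "'\\''") + "'";

// Throws unless the value is strict base64 that decodes to PEM certificate framing.
// Only the framing is checked here; the X.509 content is not parsed.
function assertCaBundle(b64) {
  if (typeof b64 !== "string" || b64.length % 4 !== 0 || !B64_RE.test(b64)) {
    throw new Error("certificateAuthority is not strict base64");
  }
  const pem = Buffer.from(b64, "base64").toString("latin1").trim();
  if (!PEM_RE.test(pem)) {
    throw new Error("certificateAuthority does not decode to a PEM certificate");
  }
}

// clusterName is a hypothetical parameter; the issue's commands use "api".
function buildKubectlScript(endpoint, clusterName = "api") {
  if (!/^[A-Za-z0-9-]+$/.test(clusterName)) throw new Error("unexpected cluster name");
  if (new URL(endpoint.URL).protocol !== "https:") throw new Error("server URL must be https");
  const ca = endpoint.certificateAuthority;
  const lines = [`kubectl config set-cluster ${clusterName} \\`];
  if (ca == null) {
    // No CA configured: the script the issue starts from, with verification off.
    lines.push(`  --server=${shQuote(endpoint.URL)} \\`, "  --insecure-skip-tls-verify=true");
    return { script: lines.join("\n"), verifiesTls: false };
  }
  assertCaBundle(ca);
  lines.push(
    `  --server=${shQuote(endpoint.URL)}`,
    // kubectl config set expects base64 for this binary field by default,
    // and the check above guarantees the value has no shell metacharacters.
    `kubectl config set clusters.${clusterName}.certificate-authority-data ${ca}`
  );
  return { script: lines.join("\n"), verifiesTls: true };
}

// Constructed sample: PEM framing around placeholder text, not a real certificate.
const SAMPLE_CA = Buffer.from(
  "-----BEGIN CERTIFICATE-----\nCONSTRUCTEDSAMPLEONLY\n-----END CERTIFICATE-----\n"
).toString("base64");
```

A file path or a value that merely looks like base64 is rejected before any command is generated, so the generated script never mixes the path form of --certificate-authority with the inline data form.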