openunison-k8s-login-activedirectory
kubectl describe configmap api-server-config -n openunison returns empty certificate
I've followed the provided video: https://vimeo.com/297399119, and installed OpenUnison. However, when I run the command to get the configmap that contains the certificate for the server api, as in 2:00 in the video, I get:
Data
===
oidc-api-server-flags:
---
---oidc-issuer-url=....
(The other oidc flags are given OK).
Why don't I get the certificate?
We need to update the videos. When we moved to an operator-based model, the location of the certificate changed. In the readme (https://github.com/OpenUnison/openunison-k8s-login-activedirectory#complete-sso-integration-with-kubernetes) it says where to get the cert.
@mlbiam Great, I found the cert and edited the api server yaml as required.
Then, when I log into the OpenUnison (https://openunison.tremolo.lan), I get both of the certs - OU server CA certificate and Kubernetes API Server CA certificate, and add both to my PC (under the Microsoft Management Console for Windows 10).
Then I run the kubectl Windows Command (again, from https://openunison.tremolo.lan) and everything goes fine, but when I run kubectl get nodes (on my PC) I get the following error:
Unable to connect to the server: Get https://openunison.tremolo.lan/auth/idp/k8sIdp/.well-known-openid-configuration: x509: certificate is valid for openunison.openunison.svc.cluster.local, not openunison.tremolo.lan
Did I forget any step?
Is openunison.tremolo.lan pointing to your ingress load balancer?
@mlbiam Yes it does.
@mlbiam Any idea why it happens?
@mlbiam ?
@mlbiam Any idea?