kubernetes-client / python

Official Python client library for kubernetes
http://kubernetes.io/
Apache License 2.0

Certifi overrides system CA config on RHEL/CentOS #859

Open vinzent opened 5 years ago

vinzent commented 5 years ago

For RHEL/CentOS users, using certifi like here https://github.com/kubernetes-client/python/blob/master/kubernetes/client/rest.py#L77 will forcefully override the system-provided CA configuration and reset it to the Mozilla CA PEM, missing any internal CA certs and thus failing with CERTIFICATE_VERIFY_FAILED errors.

See also: https://github.com/openshift/openshift-restclient-python/issues/198

fejta-bot commented 4 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

fejta-bot commented 4 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten

sector2000 commented 4 years ago

/remove-lifecycle rotten

sector2000 commented 4 years ago

This issue is still unresolved in the latest version, 10.0.1.

palnabarun commented 4 years ago

/remove-lifecycle rotten

palnabarun commented 4 years ago

/lifecycle frozen

palnabarun commented 4 years ago

/assign

palnabarun commented 4 years ago

Related: https://github.com/kubernetes-client/python/issues/1131

0xf10413 commented 2 years ago

Hi, we just hit this issue today and I was very surprised when I read the code. Basically, if the CA isn't explicitly set in kubeconfig, it will use an internal bundle of certificates.

That's a very surprising behaviour to me, and it seems contrary to what the openshift oc client is doing. Would it be possible to at least introduce an environment variable to override this feature and default to the OS' CA?

(Not necessarily like #1131; rather, something that leaves the CA configuration unset so that it defaults to the OS'.)

EDIT: I just saw on #1276 that this file is automatically generated… would you consider a patch?

0xf10413 commented 2 years ago

Hi again, after digging a bit more, it looks like the project you use for generating your files has actually fixed this issue: OpenAPITools/openapi-generator#8108

According to the sidebar, it is part of version 5.0.0. It seems that you are on version 4.3.0.

Is there any plan to upgrade that?

palnabarun commented 2 years ago

@0xf10413 -- Created #1589 to update the OpenAPI Generator used for generating the client.
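
The fallback order asked for in this thread (an explicit CA first, then the OS trust store rather than certifi's bundle), plus a check for which system-trusted certificates an overriding bundle would drop, as an added example that is not part of the issue or of the client's code. The function names, the `SSL_CERT_FILE` lookup and the listed bundle paths are assumptions of this sketch.

```python
import os
import re
import ssl

# Assumed system bundle locations: RHEL/CentOS first, then Debian/Ubuntu.
SYSTEM_BUNDLES = (
    "/etc/pki/tls/certs/ca-bundle.crt",
    "/etc/ssl/certs/ca-certificates.crt",
)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_bodies(path):
    """Return the certificate bodies (base64, whitespace removed) found in a PEM bundle."""
    with open(path, encoding="ascii", errors="ignore") as fh:
        return {"".join(body.split()) for body in PEM_RE.findall(fh.read())}


def dropped_by_override(system_bundle, override_bundle):
    """Certificates the system bundle trusts that the overriding bundle lacks."""
    return pem_bodies(system_bundle) - pem_bodies(override_bundle)


def resolve_ca_bundle(explicit=None, environ=os.environ, candidates=SYSTEM_BUNDLES):
    """Pick a CA file: explicit setting, then SSL_CERT_FILE, then an OS bundle.

    Returns None when nothing is found, so the caller can leave the CA unset.
    """
    if explicit:
        return explicit
    env_path = environ.get("SSL_CERT_FILE")
    if env_path and os.path.isfile(env_path):
        return env_path
    return next((p for p in candidates if os.path.isfile(p)), None)


def build_context(ca_file=None):
    """Verifying TLS context; with ca_file=None the ssl module loads the OS defaults."""
    return ssl.create_default_context(cafile=ca_file)


if __name__ == "__main__":
    chosen = resolve_ca_bundle()
    print("CA bundle in effect:", chosen or "ssl module defaults")
    try:
        import certifi  # optional, only used for the comparison
    except ImportError:
        certifi = None
    if certifi and chosen:
        lost = dropped_by_override(chosen, certifi.where())
        print(f"{len(lost)} system-trusted certificate(s) are missing from certifi's bundle")
```

A path returned by `resolve_ca_bundle()` can be assigned to the client's `Configuration.ssl_ca_cert`, which is the explicit setting that takes precedence over the certifi fallback described above.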