Open justapill opened 3 months ago
In hindsight, I've remembered that on Ubuntu, for example, root CAs are managed by the apt package ca-certificates. I think this functionality would still be appreciated for root CAs that are not included in that package.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
What would you like to be added
Add a pre-install task which gives the option to download a root CA file to all master nodes.
Why is this needed
Currently, a user must download the CA file for their OIDC provider separately. Adding this functionality takes that burden off the user.
I have recently discovered this while setting up OIDC on my cluster with Keycloak, which has its certificate issued from Let's Encrypt. Thankfully Let's Encrypt hosts their root CA on a web server:
curl https://letsencrypt.org/certs/isrg-root-x2.pem
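
A downloaded root CA becomes a trust anchor for OIDC token validation, so a task like the one requested above would normally check the file against a fingerprint obtained out of band before copying it to the nodes. The sketch below is an added example, not code from the issue or the project; the function names and the sample "certificate" bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import ssl
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

# Constructed stand-in for a certificate body; not a real X.509 structure.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def der_fingerprint(pem_text: str) -> str:
    """SHA-256 over the decoded DER bytes, so PEM line wrapping is irrelevant."""
    if pem_text.count(PEM_BEGIN) != 1:
        # A bundle would let extra, unpinned anchors ride along.
        raise ValueError("expected exactly one certificate in the PEM data")
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def install_ca_if_pinned(pem_text: str, pinned_sha256: str, dest_path: str) -> str:
    """Write the CA file only if its fingerprint equals the pinned value.

    pinned_sha256 is assumed to come from a source other than the download
    URL (for example the operator's inventory), with or without colons.
    """
    actual = der_fingerprint(pem_text)
    expected = pinned_sha256.replace(":", "").lower()
    if not hmac.compare_digest(actual, expected):
        raise ValueError(f"CA fingerprint mismatch: got {actual}")

    # Write to a temp file in the target directory, then rename, so a
    # partially written file is never picked up as the CA file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest_path) or ".")
    with os.fdopen(fd, "w") as handle:
        handle.write(pem_text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, dest_path)
    return actual


if __name__ == "__main__":
    pin = hashlib.sha256(SAMPLE_DER).hexdigest()
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "oidc-ca.pem")
        print("installed", install_ca_if_pinned(SAMPLE_PEM, pin, target))
```

The check only proves the bytes match the pin; it does not parse the certificate or confirm that it is a CA.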