Storage does not validate client certificate #117
Comments
@slashben do we want to fix that?
we must, but it should be fairly simple
it should be set up in
nice, do we want to add a config entry for that certificate? or should we read it from somewhere in the downward API?
Wait, we have two problems here. One is we need to have the client certificate of the API server (it can be taken with The second is that we do not generate server certificate 😞

```yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
spec:
  insecureSkipTLSVerify: true
```
@matthyx see my PRs (they were tested locally)
@slashben as I told you I had to revert this PR a few releases ago... we should work on it again in order to fix that
Yes, it is on my todo list
On Tue, Oct 15, 2024 at 4:12 PM Matthias Bertschy wrote:
> @slashben as I told you I had to revert this PR a few releases ago... we should work on it again in order to fix that
The current implementation does not validate peer TLS certificates and any client can connect to it and pull data. It should only be the Kubernetes API server that is allowed to do queries.