Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-16322

RFE - Generate the kubeconfig after api or ingress change

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Server Foundation
    • False
    • None
    • False
    • Not Selected

      Feature Overview

      Generate a new kubeconfig for the managed cluster if the ingress or the api certificate is configured.

      Goals

      The reason is when customer configured the certs, the original kubeconfig will fail with error "x509 signed by unknown authority". It requires, either using --skip-tls-verify=true, to omit the certificate verification, or requires configuration of the local kubeconfig as shown in article - https://access.redhat.com/solutions/7076376.

      With automatic regeneration of the kubeconfig with the CA from the api or ingress (usually in the proxy/cluster - .spec.trustedCA) it will remove the obstacle of manually configuring the kubeconfig.

      Requirements

      It would require 2 kubeconfigs generated, one plain without user, only for developers to use when doing "oc login" and second fully system:admin user kubeconfig, with client certs.

              pahickey@redhat.com Patrick Hickey
              rhn-support-vwalek Vladislav Walek
              Hui Chen Hui Chen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: