Difference between revisions of "Kube-root-ca.crt configMap"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
Line 8: Line 8:
 
   
 
   
 
  If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
 
  If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
 +
 +
 +
{{is missing}}
  
 
== See also ==
 
== See also ==

Revision as of 12:17, 9 August 2023


Note:
Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that 
certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is the Service named kubernetes in the default namespace.

If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.


 Warning: resource configmaps/kube-root-ca.crt is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. secret/default-token-7z4zd created
Error from server (Conflict): error when applying patch:
.../...
to:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-root-ca.crt", Namespace: "your-namespace"
for: "your.yaml": Operation cannot be fulfilled on configmaps "kube-root-ca.crt": the object has been modified; please apply your changes to the latest version and try again

See also

Advertising: