Difference between revisions of "Kube-root-ca.crt configMap"
Jump to navigation
Jump to search
Line 9: | Line 9: | ||
If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read. | If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read. | ||
− | + | [[kubectl apply]] | |
{{is missing}} | {{is missing}} | ||
Revision as of 12:18, 9 August 2023
Note: Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is the Service named kubernetes in the default namespace. If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
kubectl apply Warning: resource configmaps/kube-root-ca.crt is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. secret/default-token-7z4zd created Error from server (Conflict): error when applying patch: .../... to: Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap" Name: "kube-root-ca.crt", Namespace: "your-namespace" for: "your.yaml": Operation cannot be fulfilled on configmaps "kube-root-ca.crt": the object has been modified; please apply your changes to the latest version and try again
See also
Advertising: