Difference between revisions of "Kube-root-ca.crt configMap"

From wikieduonline
Jump to navigation Jump to search
Line 13: Line 13:
  
 
== See also ==
 
== See also ==
 +
* {{Configmap}}
 +
* {{K8s TLS}}
 
* {{TLS}}
 
* {{TLS}}
* {{K8s TLS}}
 
  
 
[[Category:K8s]]
 
[[Category:K8s]]

Revision as of 12:28, 9 August 2023


Note:
Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that 
certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is the Service named kubernetes in the default namespace.

If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
kubectl apply
 Warning: resource configmaps/kube-root-ca.crt is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. secret/default-token-7z4zd created
Error from server (Conflict): error when applying patch:
.../...
to:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-root-ca.crt", Namespace: "your-namespace"
for: "your.yaml": Operation cannot be fulfilled on configmaps "kube-root-ca.crt": the object has been modified; please apply your changes to the latest version and try again

See also

Advertising: