client: rustls is incompatible the env-based in-cluster config #1003
Comments
olix0r
changed the title
|
This may be related to #991. |
|
As per 0.77.0, we now use @MikailBag 's idea of passing |
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 15, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 15, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 15, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 15, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 15, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
flavio
added a commit
to flavio/kwctl
that referenced
this issue
Mar 16, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
flavio
added a commit
to kubewarden/kwctl
that referenced
this issue
Mar 16, 2023
kwctl is built using rustls enabled. Unfortunately rustls does not support validating IP addresses yet (see kube-rs/kube#1003). This commit introduces a workaround to address this limitation. This is required to make sure users can run context aware policies against minikube, k3d and other local development solution that deploy kubernetes in this way. Signed-off-by: Flavio Castelli <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As described in #1000, in-cluster Kubernetes clients must honor the
KUBERNETES_SERVICE_HOSTenvironment variable and cannot rely on this being identical tokubernetes.default.svc. Unfortunately, this value is usually an IP address, and webpki doesn't support IP address validation by IP (briansmith/webpki#54 rustls/webpki#4). Therefore, rustls cannot reliably be used with the default in-cluster configuration.Once these upstream issues are addressed, the client
Configdocumentation should be updated to remove caveats about rustls compatibility and CI changes (in #1001) should be reverted to test rustls in CI.The text was updated successfully, but these errors were encountered: