Use internal api url for jwks #10888
Conversation
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
approved
olemarkus
force-pushed
the
internal-jwks
branch
from
a071c27 to
a78bd06
Compare
hakman
added
kind/office-hours
and removed
approved
|
/assign @justinsb |
|
@olemarkus: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one. This should finally pass the OIDC e2e test For public access, api server must be publically available and anonymous auth must be enabled
|
As discussed in the office hours, this is needed for the conformance test to work (and also for token volume projections to work in many cases). This can now be merged. /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: olemarkus The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
olemarkus
removed
the
needs-rebase
…888-origin-release-1.20 Automated cherry pick of #10888: Use internal api url for jwks when required
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one.
This should finally pass the OIDC e2e test