I have a k8s cluster deployed in a public cloud whose api server is accessible via public IPs. I typically interact with my cluster via kubectl and I have two scenarios for how it is done:
1. From home
2. From the office

#1 works fine and causes no issues. #2 is a problem because the office network sends traffic through a proxy and injects a self-signed cert. As a result I get "x509: certificate signed by unknown authority" errors.
At the moment I have found two workarounds:
- Include the `--insecure-skip-tls-verify` option for each command
- Update my cluster definition in kubeconfig to include `insecure-skip-tls-verify: true`

While both work, I am looking for a superior solution.
I know that kubeconfig allows the specification of a `certificate-authority` to be used when connecting to a cluster, but I am not sure how to get it to work.
Specifically:
- Since the CA will be different depending on whether I connect from home or the office, can I specify two CAs?
- How do I get the CA being used from the office and convert it to a file that I can use with the `certificate-authority` key?
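
A kubeconfig layout for the two-network situation described above, as an added example that is not part of the original post: the same API server is listed as two cluster entries, each with its own `certificate-authority` file, and one context per network. The cluster, user and context names, the file paths, the server address and the token are all placeholders.

```yaml
# Added example (constructed). Every name, path, address and credential
# below is a placeholder, not a value from the original post.
apiVersion: v1
kind: Config
clusters:
# Weak form (the workaround in the post): verification is off, so any
# certificate presented on the path is accepted.
# - name: prod-office
#   cluster:
#     server: https://203.0.113.10:6443
#     insecure-skip-tls-verify: true
- name: prod-home
  cluster:
    server: https://203.0.113.10:6443
    # CA that issued the API server certificate, seen on a direct connection
    certificate-authority: /home/me/.kube/ca/cluster-ca.crt
- name: prod-office
  cluster:
    server: https://203.0.113.10:6443
    # PEM file holding the office proxy's signing certificate; trusting it
    # means the proxy can read this traffic, but nothing else on the path can
    certificate-authority: /home/me/.kube/ca/office-proxy-ca.crt
users:
- name: me
  user:
    token: "<PLACEHOLDER-TOKEN>"
contexts:
- name: home
  context:
    cluster: prod-home
    user: me
- name: office
  context:
    cluster: prod-office
    user: me
current-context: home
```

Switching networks is then `kubectl config use-context office` or `kubectl config use-context home`. A `certificate-authority` file may also contain several concatenated PEM certificates, so a single cluster entry pointing at a bundle of both CAs is an alternative to two entries.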