You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that both in the code and in the CRD schema, the caBundle field is required for the providers.externaldata.gatekeeper.sh.
In our use case, the external data provider uses a TLS certificated issued by a well-known CA, not a private CA or self-signed certificate. In this case I believe the Go HTTP client should be able to verify the certificate using the system's certificate stores. Do you think this field can be made optional? This will save some effort to extract the proper CA chain and set them in the config.
The text was updated successfully, but these errors were encountered:
I noticed that both in the code and in the CRD schema, the
caBundlefield is required for theproviders.externaldata.gatekeeper.sh.In our use case, the external data provider uses a TLS certificated issued by a well-known CA, not a private CA or self-signed certificate. In this case I believe the Go HTTP client should be able to verify the certificate using the system's certificate stores. Do you think this field can be made optional? This will save some effort to extract the proper CA chain and set them in the config.
The text was updated successfully, but these errors were encountered: