certificates and non-transparent proxy

[sei-avershave]

We have a company proxy that's affecting the certificates when trying to reach out to AKS.

x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “ca”)

Is there a way around this other than adding the AKS API domain to the proxy or adding signed certificates to the cluster?

[philwelz]

Hey, this is intended by design as of the PKI requirements from Kubernetes described here.

The Azure docs for AKS describing that the API server cert is signed by the cluster CA can be found here

Using validly signed (CA) certs is not on the AKS roadmap - details