Add functionality to pull OIDC provider CA file #11294
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/rotten
Denotes an issue or PR that has aged beyond stale and will be auto-closed.
What would you like to be added
Add a pre-install task which gives the option to download a root CA file to all master nodes.
Why is this needed
Currently, a user must download the CA file for their OIDC provider separately. Adding this functionality takes that burden off the user.
I have recently discovered this while setting up OIDC on my cluster with keycloak, which has it's certificate issued from Letsencrypt. Thankfully Letsencypt hosts their root CA on a webserver. -
curl https://letsencrypt.org/certs/isrg-root-x2.pem
The text was updated successfully, but these errors were encountered: