java client is not taking the updated ca.crt/token and error out #3809
Comments
|
Any Help here? |
|
Yeah, the current auth code doesn't reload certificates if the files change. It would be a fairly significant effort to do so, but if you wanted to take it on, we'd be happy to review the design/PRs. |
|
Thanks @brendandburns , Will check if i can submit the PR for the same. |
I have a library which makes it easy to reload the ssl while listening for file changes. See here https://github.com/Hakky54/sslcontext-kickstart?tab=readme-ov-file#support-for-reloading-ssl-at-runtime I can also initiate a PR if you want |
|
@Hakky54 Sure, can you please provide the patch? I will also check from my side. |
|
Hi @suryag10 and @brendandburns I added my PR for adding this feature to kubernetes-client, see here: #3927 |
|
I would rather that we fixed this via the |
Describe the bug
updated ca.crt/token are not considered by the java k8s client and errors out
java.util.concurrent.ExecutionException: io.kubernetes.client.openapi.ApiException: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Client Version
17.0.2
Kubernetes Version
1.21.12
Java Version
openjdk 17.0.12 2024-07-16 LTS
To Reproduce
update the k8s ca.crt and token with the new certificates.
Expected behavior
Java client should consider the latest ca.crt and token and K8S API access should succeed
Server (please complete the following information):
The text was updated successfully, but these errors were encountered: