I have an admission controller to validate a request. I have tested the admission controller separately and it is working fine. Now I have implemented kube-rbac-proxy as a sidecar container. The sidecar container is https and it is expecting either a ca cert or a bearer token. The curl request with ca is working fine. When I am trying using kubectl command, it is giving me tls: bad certificate error. I have logged the request and I could not find any ca cert included in the request.
Admission controller(https server) alone is working fine. The curl request with corresponding ca cert is able to call the admission controller via kube-rbac-proxy. Implemented this to support tls.
Searching through the docs I think it's possible to make kubectl
pass a certificate in it's requests.
Client certificate authentication is enabled by passing the
--client-ca-file=SOMEFILE
option to API server. The referenced file must contain one or more certificate authorities to use to validate client certificates presented to the API server.
Edit: realized I have made a mistake in my initial answer, it's corrected now.