mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-11-13 23:15:10 +00:00
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Setup TLS with CA Cert for vsphere cloud provider

- Extend config to take a path to a CA Certificate
- Use the CA Cert when establishing a connection with the SOAP client

Testing

We provide certs and keys for tests as fixtures, `vclib/fixtures`. Those were created (and can be regenerated) using `vclib/fixtures/createCerts.sh`.

At the moment it's possible to configure a CA path and at the same time allow insecure communication between vsphere cloud provider and vcenter. This may change in the future; we might opt for overwriting the insecure communication if a CA is configured / log and transparently pass the arguments to the vcenter command / other. To be discussed.

At the moment the CA is a global level configuration. In other words, all vcenter servers need to use certificates signed by the same CA. There might be use cases for different CA per vcenter server; to be discussed.

**What this PR does / why we need it**:
This PR adds the option of configuring a trusted CA for the communication between the vsphere cloud provider and the vcenter control plane.

**Which issue(s) this PR fixes**:
Fixes #64222

**Special notes for your reviewer**:

**Release note**:
```release-note
- Can configure the vsphere cloud provider with a trusted Root-CA
```
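
The commit message leaves open how a configured CA should interact with insecure mode. The Go code below is an added example, not code from this commit or from the vsphere cloud provider: it implements one of the options the message mentions, where a configured CA overrides the insecure setting. `tlsConfigFor` and `mustConstructedCA` are hypothetical names, and the CA is generated in-process as constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// tlsConfigFor (hypothetical helper) builds a client TLS config from the PEM
// bytes of a CA file and an insecure flag. A usable CA always wins.
func tlsConfigFor(caPEM []byte, insecure bool) (*tls.Config, error) {
	if len(caPEM) == 0 {
		// No CA configured: system roots, or no verification if insecure.
		return &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: insecure}, nil
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("CA data contains no valid PEM certificate")
	}
	// InsecureSkipVerify stays false, so the pool is actually enforced.
	return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}, nil
}

// mustConstructedCA returns a throwaway self-signed CA in PEM form (constructed sample input).
func mustConstructedCA() []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	cfg, err := tlsConfigFor(mustConstructedCA(), true) // insecure requested, CA present
	fmt.Println(cfg.InsecureSkipVerify, cfg.RootCAs != nil, err)
}
```

If `InsecureSkipVerify` were left set alongside `RootCAs`, Go's TLS client would skip chain verification entirely and the CA pool would have no effect.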