Tim Ramlot

@xaque208 Sorry, I don't think it is a good idea to provide your vault credentials to an untrusted server. An alternative minimal setup, that is very similar to yours, is...

`caBundle` does not work for an expired certificate, but you could issue a temporary certificate (eg. self-signed). Does Vault not offer an option to sign its own tls certificates?

I have to close your PR, since it is not a feature we want to support. I'll keep this issue open however so you can further discuss alternative ways of...

Thank you for sharing the results of this benchmark. Feel free to create PRs and/ or issues if you find a way to improve the results of this benchmark.

ref: https://github.com/cert-manager/cert-manager/issues/5419#issuecomment-1236641082

EDIT: I misinterpreted this PR The aim of this PR is that Vault traffic is encrypted, we just don't check if we trust the TLS certificate. The problem is that...

we have to make this feature cluster-issuer only because of security implications (accessing token file of other issuer) not sure if this is possible in the current design EDIT: maybe...

xref: https://github.com/cert-manager/cert-manager/issues/2334

does it make sense to have an option for generating a `deny-all` rule (ref: https://github.com/cert-manager/cert-manager/issues/2334#issuecomment-787726661)

> These looks like kind update triggered some instabilities in CI Yes, sorry. I'm working on fixing the tests.