Jimmi Dyson

See how this is done in Jenkins app. Either set env var KUBERNETES_TRUST_CERT=true or set KUBERNETES_CA_CERTIFICATE_FILE iirc to correct path to secret (something like /etc/secret-volume/root-cert). You'll also need to ensure...

`kubernetes.default.svc` was the address suggested to us by a RHT Kubernetes maintainer... we could change this to kubernetes.default but i'd suggest to stackpoint that they should support the `kubernetes.default.svc` too...

Yeah, yet another workaround...

422 is a validation error IIRC. If you check in the web console you should be able to see what the error actually is - the console _should_ check this...

If you can look at the web console's network tab & tell us the error in the 422 response then that might give us more of an idea what's wrong.

So if you click on the requests with 422 status then you should be able to see the response payload which will hopefully give us more info.

So that gives us the error... now I have no idea why it's not set tbh - @jstrachan, @rawlingsj?

The error above shows: `BuildConfig "authorization-server2" is invalid: spec.source.sourceSecret.name: Required value"`

Right & that is totally expected because you've disabled the custom CA certificate... we enable this in fluentd to use the cluster CA certificate.

Can you check in the fluentd pod if the service account token & CA crt are mounted in the /var/run/kubernetes.io/serviceaccount directory in the pod?