Christian Simon
Christian Simon
Ideally the header fields should be configurable as well. My identity proxy gives me: **`X-Auth-Request-Email`**
@nrocco thanks for letting me know. I was planning to upgrade my cluster to 1.5 this evening. If there would be a major problem with 1.5 it would be P0....
Thanks for reporting that should be fixed
Interesting issue, can you provide the cli flags you run your API server with? It looks like you requiring cert auth against Kubernetes API
@lukesmith have you tried to mount a kubeconfig file using a secret to `/root/.kube/config`? It think this is preventing it from working: https://github.com/jetstack/kube-lego/blob/master/pkg/kubelego/kube.go#L23 But it would be good to make...
Thanks for reporting this, this is on my list as well. kube-lego needs quite extensive permissions. Which are different in the multiple environments: - RW global secrets - Read/Watches global...
When I wrote the README, I was using the lego library and they have a similar statement in their [README](https://github.com/xenolf/lego/blob/master/README.md) As we are now using acme library and I use...
Will make it more explicit in the docs/yaml and try to check the origin of a user cert before using it. (a.k.a. auto delete of non matching user key/cert after...
This is a GCE ingress controller bug, please file the bug here: https://github.com/kubernetes/ingress
Thanks @lestrrat for your PR. I think the best solution would be to always return something. Maybe we just return a hash of ("$id:$host_header"). That would allow us to check...