-
Kubernetes Submit Queue authored
Automatic merge from submit-queue add client-ca to configmap in kube-public Client CA information is not secret and it's required for any API server trying to terminate a TLS connection. This pull adds the information to configmaps in `kube-public` that look like this: ```yaml apiVersion: v1 data: client-ca.crt: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- requestheader-allowed-names: '["system:auth-proxy"]' requestheader-client-ca-file: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- requestheader-extra-headers-prefix: '["X-Remote-Extra-"]' requestheader-group-headers: '["X-Remote-Group"]' requestheader-username-headers: '["X-Remote-User"]' kind: ConfigMap metadata: creationTimestamp: 2017-02-22T17:54:37Z name: extension-apiserver-authentication namespace: kube-system resourceVersion: "6" selfLink: /api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication uid: fa1dd328-f927-11e6-8b0e-28d2447dc82b ``` @kubernetes/sig-auth-api-reviews @liggitt @kubernetes/sig-api-machinery-pr-reviews @lavalamp @sttts There will need to be a corresponding pull for permissions1519422a