<azazel>
srhb: but in #60687 are you using something like curl --cacert /var/lib/kubernetes/secrets/ca.pem?
<srhb>
azazel: Yes
<srhb>
azazel: I pointed it at, uh.. config.services.kubernetes.pki.caCertPathPrefix + "pem"
<srhb>
azazel: Right now I don't really want to touch it before johanot checks in later, because you're right that it'll just fail, even in tests, without doing something to deal with pki and curl.
<srhb>
azazel: I've forgotten too much of k8s pki to dare change anything without johanot at least looking it over now :)
<azazel>
:-)
<azazel>
ok, no problem
<azazel>
for now I'm using -k
<srhb>
Yeah, I think I'm leaning towards that being the right solution anyway, given that the endpoint is exposed anyway.
<srhb>
And we can't know that people have proper pki set up...