10:32 <azazel> I'm the only one suffering from https://github.com/NixOS/nixpkgs/issues/60687 ?

17:29 <azazel> srhb: but in #60687 are you using something like curl --cacert /var/lib/kubernetes/secrets/ca.pem?

17:30 <srhb> azazel: Yes

17:30 <srhb> azazel: I pointed it at, uh.. config.services.kubernetes.pki.caCertPathPrefix + "pem"

17:30 <srhb> azazel: Right now I don't really want to touch it before johanot checks in later, because you're right that it'll just fail, even in tests, without doing something to deal with pki and curl.

17:31 <srhb> azazel: I've forgotten too much of k8s pki to dare change anything without johanot at least looking it over now :)

17:31 <azazel> :-)

17:31 <azazel> ok, no problem

17:31 <azazel> for now I'm using -k

17:34 <srhb> Yeah, I think I'm leaning towards that being the right solution anyway, given that the endpoint is exposed anyway.

17:34 <srhb> And we can't know that people have proper pki set up...