Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Cilium migration how-to to always use
api-int
We can't use the public `api` record since Cilium simply patches the clientset generated by `InClusterConfig()` [1] with the provided API host name, cf. `createConfig()` [2]. Notably, the clientset still uses the K8s-managed in-cluster CA bundle which isn't suitable for validating public certificates. If we actually want to use `api` record, we'd have to somehow configure Cilium to use a custom kubeconfig (which I'm not sure is possible when running Cilium in a cluster). [1]: https://pkg.go.dev/k8s.io/client-go/rest#InClusterConfig [2]: https://github.com/cilium/cilium/blob/bb81b095cb64053887e3cb087b53518c162beec6/pkg/k8s/client/cell.go#L348-L352
- Loading branch information