I've been testing OIDC for authentication using the work done in kubernetes-client/python-base#48 and came across an issue refreshing credentials because I do not specify idp-certificate-authority-data in my kubeconfig. This issue has already been brought up: #368 (comment). As kubectl does not require this key, I don't think the Python client should either.
Another potential issue is the lack of support for the idp-certificate-authority key, which allows you to load CA certificates from a file. I was attempting to use this to get around the issue mentioned above by loading a trusted root CA bundle. I could convert the entire file to base64 and add it as a value for idp-certificate-authority-data, but this results in an unwieldy kubeconfig file.
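An added sketch (not part of the issue above and not the Python client's code) of how a client could choose trust anchors for the IdP when refreshing an OIDC token: inline data, then a CA file, then the system trust store, with verification always on. The function names, the `kubeconfig_dir` parameter, the precedence order and the relative-path handling are assumptions of this example.

```python
import base64
import os
import ssl

DATA_KEY = "idp-certificate-authority-data"  # base64-encoded PEM in the kubeconfig
FILE_KEY = "idp-certificate-authority"       # path to a PEM file or bundle


def resolve_idp_ca(provider_config, kubeconfig_dir="."):
    """Decide where the IdP's trust anchors come from.

    Returns ("data", pem_text), ("file", path) or ("system", None).
    Inline data wins over a file path (this example's choice).
    """
    data = provider_config.get(DATA_KEY)
    if data:
        # validate=True rejects stray non-base64 characters instead of skipping them.
        pem = base64.b64decode(data, validate=True).decode("ascii")
        if "-----BEGIN CERTIFICATE-----" not in pem:
            raise ValueError(DATA_KEY + " does not decode to PEM")
        return "data", pem
    ca_file = provider_config.get(FILE_KEY)
    if ca_file:
        # Assumption: relative paths are relative to the kubeconfig's directory.
        path = os.path.normpath(
            os.path.join(kubeconfig_dir, os.path.expanduser(ca_file)))
        if not os.path.isfile(path):
            raise FileNotFoundError(path)
        return "file", path
    # Neither key set: use the OS trust store, never "no verification".
    return "system", None


def idp_ssl_context(provider_config, kubeconfig_dir="."):
    """Build a verifying TLS context for token-refresh requests to the IdP."""
    kind, value = resolve_idp_ca(provider_config, kubeconfig_dir)
    if kind == "data":
        return ssl.create_default_context(cadata=value)
    if kind == "file":
        return ssl.create_default_context(cafile=value)
    # No arguments: loads the platform's default CA certificates.
    return ssl.create_default_context()
```

In every branch the context keeps `verify_mode` at `ssl.CERT_REQUIRED` and hostname checking enabled, so a missing key widens the trust store to the system default rather than turning verification off.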