Kiali custom root CA
Feature Request
Provide the ability to configure Kiali with a custom root CA. At minimum, allow OIDC to be configured with insecure_skip_verify_tls: true.
Why
Our Keycloak instance is deployed with a certificate signed by a CA that is not in the Kiali trust store. This results in an error validating x509 certs when authenticating via OIDC. The current workaround is to manually patch the Kiali configuration to set insecure_skip_verify_tls: true. This is not ideal.
Proposed Solution
- Add ability to configure the insecure_skip_verify_tls setting here
- Add the ability to provide the Kiali container with a custom root CA and add it to the trust store. I'm not sure what this would look like.
- Make changes upstream to add the capability to specify a CA for the OIDC client. It seems like changes would need to be made here. I think this is an example of how it could work.
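
The custom-CA option, sketched as an added example (not Kiali's code and not part of the original request): a Go HTTP client for OIDC calls that trusts the system roots plus a supplied PEM bundle, so certificate verification stays enabled instead of setting insecure_skip_verify_tls: true. The names newOIDCClient and probe are hypothetical, and the httptest server is a constructed stand-in for the identity provider.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newOIDCClient returns an HTTP client that trusts the system roots plus the
// PEM bundle in extraCA. Hypothetical helper, not part of Kiali's API.
func newOIDCClient(extraCA []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool() // returns a copy, safe to extend
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system store available: start empty
	}
	if len(extraCA) > 0 && !pool.AppendCertsFromPEM(extraCA) {
		return nil, errors.New("custom CA bundle contains no valid PEM certificate")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// probe reports whether the TLS handshake and a GET against url succeed.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	// Constructed identity provider whose certificate is not in the system trust store.
	idp := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"issuer":"constructed"}`)
	}))
	defer idp.Close()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: idp.Certificate().Raw})

	defaultClient, _ := newOIDCClient(nil)
	trusted, _ := newOIDCClient(caPEM)
	fmt.Println("system roots only:", probe(defaultClient, idp.URL)) // x509 verification error
	fmt.Println("with custom CA:   ", probe(trusted, idp.URL))       // <nil>
}
```

A malformed bundle is rejected at construction time rather than silently falling back to the system roots, which makes a misconfigured CA mount visible at startup.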