Improve TLS handling in OpenIDConnectAuthenticator by abnsy · Pull Request #4417 · kubernetes-client/java
I’m sending a small security improvement for the OIDC authenticator. When the kubeconfig doesn’t include idp-certificate-authority-data, the code leaves sslContext as null and falls back to the OS trust store. This can behave differently depending on the environment and isn’t always secure. In this update I added a default SSLContext that always uses the system CA.... If the user provides a custom CA, that one is still loaded and used instead. No behavior change other than making TLS more consistent and safer. Thanks!
k8s-ci-robot added cncf-cla: no and removed cncf-cla: no ("Indicates the PR's author has not signed the CNCF CLA.") labels
Nov 20, 2025
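The trust selection the description talks about, as an added example that is not the code from this pull request: build an explicit SSLContext from the custom CA when idp-certificate-authority-data is present, otherwise from the default trust anchors, and fail closed on an unusable CA value. The class name `IdpTlsContext` and the method `build` are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper, not part of kubernetes-client/java.
public final class IdpTlsContext {
    private IdpTlsContext() {}

    /** @param idpCaDataB64 value of idp-certificate-authority-data (base64 of PEM), or null/blank */
    public static SSLContext build(String idpCaDataB64)
            throws GeneralSecurityException, IOException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (idpCaDataB64 == null || idpCaDataB64.trim().isEmpty()) {
            // A null KeyStore selects the JVM default trust anchors
            // (javax.net.ssl.trustStore if set, otherwise the JRE cacerts file).
            tmf.init((KeyStore) null);
        } else {
            // MIME decoder tolerates line breaks inside the base64 value.
            byte[] pem = Base64.getMimeDecoder().decode(idpCaDataB64.trim());
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null); // empty in-memory store: trust ONLY the supplied CA(s)
            int n = 0;
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(pem))) {
                ks.setCertificateEntry("idp-ca-" + n++, c);
            }
            if (n == 0) {
                // Fail closed: a configured but empty CA must not widen trust to the defaults.
                throw new GeneralSecurityException("idp-certificate-authority-data has no certificate");
            }
            tmf.init(ks);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = build(null); // no custom CA configured
        System.out.println("protocol=" + ctx.getProtocol());
    }
}
```

A malformed CA value surfaces as a `CertificateException` from `generateCertificates` (or an `IllegalArgumentException` from the base64 decoder), so the caller never silently falls back to the default trust anchors when a custom CA was configured.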