Hi again @ishustava thanks for clarification.
That’s not quite true. It’s retrieving the CA that has signed the Consul client’s certificate.
But the CA’s certificate is already provided in the command in the argument-ca-file=/consul/tls/ca/tls.crt
This certificate exist in the container in the mentioned path /consul/tls/ca/tls.crt and it comes from Kubernetes secret referenced in helm chart tls configuration:
tls:
enabled: true
enableAutoEncrypt: true
caCert:
secretName: consul-ca-cert
secretKey: tls.crt
What kind of CA it tries to retrieve then?
Also here some discussions about consul-k8s get-consul-client-ca.
Thank you.