A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA seems to skip internal Service TLS certificate validation, errorless serving content even if target Service certificate and certificate provided by target Pod(s) differ. Note that if we don't set destinationCACertificate in the Route yaml manifest (the Route will still implicitly use the same default serviceCA certificate, as described on the doc [1]) we will correctly get a error page. References: https://bugzilla.redhat.com/show_bug.cgi?id=2041857
Created ansible-collection-community-kubernetes tracking bugs for this issue: Affects: fedora-34 [bug 2083320] Affects: fedora-35 [bug 2083321]
Is there an estimated "fixed in" or eta for the fix? Thanks!