Packaging for openSUSE: What is the purpose of the client.ClientCert* ldflags (and does it work without)?

[kastl-ars]

Dear maintainers,

thanks for this interesting tool, it will be really helpful for people having to migrate off of ingress-nginx. And I would really like to see more people using Traefik, to be honest. :-)

I had a look whether I could package it for the openSUSE Linux distribution. Packaging is straight forward and I get a "working" binary (i.e. I can get the help and version output). I did not yet test it against an actual cluster.

However, I was wondering what the purpose of the client.clientCert* ldflags was?

		-X github.com/traefik/ingress-nginx-migration/pkg/client.ClientCertB64=$(MTLS_CLIENT_CERT_B64) \
		-X github.com/traefik/ingress-nginx-migration/pkg/client.ClientKeyB64=$(MTLS_CLIENT_KEY_B64) \
		-X github.com/traefik/ingress-nginx-migration/pkg/client.CACertB64=$(MTLS_CA_CERT_B64)" \

https://github.com/traefik/ingress-nginx-migration/blob/main/Makefile#L25

Those come from GitHub secrets AFAICS. There is no way to include them safely into a openSUSE package (the builds are not private, no secrets possible).

What is the purpose of these certificate files? Does the binary fully work without specifying those certificates?

Kind Regards,
Johannes

[kastl-ars]

Just tested "my binary" against a test cluster and I successfully got a report.