I found intresting thing, when i run kube-apiserver without --requestheader-client-ca-file
args, then kube-scheduler will failed to start and the error message is kube-system/extension-apiserver-authentication failed with : missing content for CA bundle "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
;
But about requestheader-client-ca-file
as doc describe is Note: front-proxy certificates are required only if you run kube-proxy to support an extension API server.
in PKI certificates and requirements | Kubernetes
what makes me confused is that why schudler relied on front-proxy certificate ?