Installing fulcio failed due to domain confusion

[therealnb]

Description

Installing fulcio failed, the pods didn't come up. In the log

2023-04-22T20:13:45.002Z	�[31mFATAL�[0m	app/serve.go:187	error loading --config-path=/etc/fulcio-config/config.json: provider https://kubernetes.default.svc: oidc: issuer did not match the issuer returned by provider, expected "https://kubernetes.default.svc" got "https://kubernetes.default.svc.cluster.local"

Had to change the config to add '.cluster.local'

$ kubectl edit cm/fulcio-config

apiVersion: v1
data:
  config.json: |-
    {
      "OIDCIssuers": {
        "https://kubernetes.default.svc.cluster.local": {
          "IssuerURL": "https://kubernetes.default.svc.cluster.local",
          "ClientID": "sigstore",
          "Type": "kubernetes"
        }, ...

To get this to work.

Version
This was on the master branch sigs.k8s.io/release-utils/version.gitVersion=927786a-dirty

[therealnb]

Note there are sections in the code like this

# Install Fulcio and wait for it to come up
echo '::group:: Install Fulcio'
if [ "${NEED_TO_UPDATE_FULCIO_CONFIG}" == "true" ]; then
  echo "Fixing Fulcio config"
  cp config/fulcio/fulcio/200-configmap.yaml ./200-configmap.yaml
  # The sed works differently in mac and other places, so just shuffle
  # files around for now.
  sed 's@https://kubernetes.default.svc.cluster.local@https://kubernetes.default.svc@' config/fulcio/fulcio/200-configmap.yaml > ./200-configmap-new.yaml
  mv ./200-configmap-new.yaml config/fulcio/fulcio/200-configmap.yaml
fi
make ko-apply-fulcio
echo '::endgroup::'

And although NEED_TO_UPDATE_FULCIO_CONFIG is false, this looks like it is kind/k8s version dependent.

[therealnb]

There is a PR to fix this here #623.

The PR fails checks, but remains a good change if you want to get things running locally.