apiVersion: v1
clusters:
- cluster:
    server: https://localhost:6443
    insecure-skip-tls-verify: true
  name: local
contexts:
- context:
    cluster: local
    namespace: default
    user: user
  name: Default
current-context: Default
kind: Config
preferences: {}
users:
- name: user
  user:
    # Providing ANY credentials in `insecure-skip-tls-verify` mode is unwise due to MITM risk.
    # At least client certs are not as catastrophic as bearer tokens.
    #
    # This combination of insecure + client certs was once broken in kubernetes but
    # is meaningful since 2015 (https://github.com/kubernetes/kubernetes/pull/15430).
    client-certificate: external-cert.pem
    client-key: external-key.rsa