kubernetes x509 not signed by a valid certificate authority

 If just doing tests, you can modify config file under the desired cluster

- cluster:

    insecure-skip-tls-verify

Cloudfront with public S3 bucket

 Use OAI so not all object are public in the bucket:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

vi: stay at matching result after escape

 set cpoptions+=x