From 3b56d16de76866da01d5cbdd3ce6602798e7327b Mon Sep 17 00:00:00 2001
From: Phil Batey
Date: Fri, 29 May 2020 06:57:25 -0600
Subject: [PATCH] Add insecure_skip_tls_verify (#144)
---
 README.md | 1 +
 assets/common.sh | 13 +++++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 29292b3..f7bf584 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ resource_types:
 * `cluster_url`: *Optional.* URL to Kubernetes Master API service. Do not set when using the `kubeconfig_path` parameter, otherwise required.
 * `cluster_ca`: *Optional.* Base64 encoded PEM. Required if `cluster_url` is https.
+* `insecure_skip_tls_verify`: *Optional* Skips verifying the `cluster_ca`. (Default: false). Ignored unless `cluster_url` is https. Useful for self-signed certificates. It is not recommended to use blindly.
 * `token`: *Optional.* Bearer token for Kubernetes. This, 'token_path' or `admin_key`/`admin_cert` are required if `cluster_url` is https.
 * `token_path`: *Optional.* Path to file containing the bearer token for Kubernetes. This, 'token' or `admin_key`/`admin_cert` are required if `cluster_url` is https.
 * `admin_key`: *Optional.* Base64 encoded PEM. Required if `cluster_url` is https and no `token` or 'token_path' is provided.
diff --git a/assets/common.sh b/assets/common.sh
index 1257d52..9c90cd2 100644
--- a/assets/common.sh
+++ b/assets/common.sh
@@ -24,10 +24,15 @@ setup_kubernetes() {
 admin_cert=$(jq -r '.source.admin_cert // ""' < $payload)
 token=$(jq -r '.source.token // ""' < $payload)
 token_path=$(jq -r '.params.token_path // ""' < $payload)
-
- ca_path="/root/.kube/ca.pem"
- echo "$cluster_ca" | base64 -d > $ca_path
- kubectl config set-cluster default --server=$cluster_url --certificate-authority=$ca_path
+ insecure_skip_tls_verify=$(jq -r '.source.insecure_skip_tls_verify // "false"' < $payload)
+
+ if [ "$insecure_skip_tls_verify" = true ]; then
+ kubectl config set-cluster default --server=$cluster_url --insecure-skip-tls-verify
+ else
+ ca_path="/root/.kube/ca.pem"
+ echo "$cluster_ca" | base64 -d > $ca_path
+ kubectl config set-cluster default --server=$cluster_url --certificate-authority=$ca_path
+ fi
 if [ -f "$source/$token_path" ]; then
 kubectl config set-credentials admin --token=$(cat $source/$token_path)
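Review bot: The `insecure_skip_tls_verify` branch turns off server certificate verification without leaving any trace in the job output, and the bearer token set just below in `setup_kubernetes` is then presented to an endpoint whose identity was never checked. I would log the setting on stderr before the `kubectl config set-cluster` call, for example `echo "WARNING: insecure_skip_tls_verify is set; the API server certificate will not be verified" >&2`, so it is visible in every run that uses it. A `cluster_ca` supplied together with the flag is silently ignored in this branch, and that combination may deserve a warning of its own. Both new `set-cluster` calls also pass `--server=$cluster_url` unquoted, which word-splits the configured value; `--server="$cluster_url"` avoids that. The body of `setup_kubernetes` starts and ends outside this hunk.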