feat: ✨ skip TLS certificate verification when adding kubeconfig
mayooot committed Dec 24, 2024
1 parent 00e6c89 commit 1660b36
Showing 2 changed files with 32 additions and 16 deletions.
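--- a/cmd/add.go
+++ b/cmd/add.go
@@ -22,8 +22,9 @@ type AddCommand struct {
 
 // KubeConfigOption kubeConfig option
 type KubeConfigOption struct {
-config *clientcmdapi.Config
-fileName string
+config *clientcmdapi.Config
+fileName string
+insecureSkipTLSVerify bool
 }
 
 // Init AddCommand
@@ -45,6 +46,7 @@ func (ac *AddCommand) Init() {
 ac.command.Flags().String("context-name", "", "override context name when add kubeconfig context, when context-name is set, context-prefix and context-template parameters will be ignored")
 ac.command.Flags().StringSlice("context-template", []string{"context"}, "define the attributes used for composing the context name, available values: filename, user, cluster, context, namespace")
 ac.command.Flags().Bool("select-context", false, "select the context to be added in interactive mode")
+ac.command.Flags().Bool("insecure-skip-tls-verify", false, "if true, the server's certificate will not be checked for validity")
 _ = ac.command.MarkFlagRequired("file")
 ac.AddCommands(&DocsCommand{})
 }
@@ -57,6 +59,7 @@ func (ac *AddCommand) runAdd(cmd *cobra.Command, args []string) error {
 contextName, _ := ac.command.Flags().GetString("context-name")
 contextTemplate, _ := ac.command.Flags().GetStringSlice("context-template")
 selectContext, _ := ac.command.Flags().GetBool("select-context")
+insecureSkipTLSVerify, _ := ac.command.Flags().GetBool("insecure-skip-tls-verify")
 
 var newConfig *clientcmdapi.Config
 
@@ -91,22 +94,23 @@ func (ac *AddCommand) runAdd(cmd *cobra.Command, args []string) error {
 }
 }
 
-err = AddToLocal(newConfig, file, contextPrefix, cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, file, contextPrefix, cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
 return nil
 }
 
 // AddToLocal add kubeConfig to local
-func AddToLocal(newConfig *clientcmdapi.Config, path, contextPrefix string, cover bool, selectContext bool, contextTemplate []string, context []string) error {
+func AddToLocal(newConfig *clientcmdapi.Config, path, contextPrefix string, cover bool, selectContext bool, contextTemplate []string, context []string, insecureSkipTLSVerify bool) error {
 oldConfig, err := clientcmd.LoadFromFile(cfgFile)
 if err != nil {
 return err
 }
 kco := &KubeConfigOption{
-config: newConfig,
-fileName: getFileName(path),
+config: newConfig,
+fileName: getFileName(path),
+insecureSkipTLSVerify: insecureSkipTLSVerify,
 }
 // merge context loop
 outConfig, err := kco.handleContexts(oldConfig, contextPrefix, selectContext, contextTemplate, context)
@@ -253,8 +257,17 @@ func (kc *KubeConfigOption) handleContext(oldConfig *clientcmdapi.Config,
 userName := fmt.Sprintf("%v%v", ctx.AuthInfo, userNameSuffix)
 clusterName := fmt.Sprintf("%v%v", ctx.Cluster, clusterNameSuffix)
 newCtx := ctx.DeepCopy()
+
+// deep copy and clear CA data
+cluster := kc.config.Clusters[newCtx.Cluster].DeepCopy()
+if kc.insecureSkipTLSVerify {
+cluster.InsecureSkipTLSVerify = true
+cluster.CertificateAuthority = ""
+cluster.CertificateAuthorityData = nil
+}
+
 newConfig.AuthInfos[userName] = kc.config.AuthInfos[newCtx.AuthInfo]
-newConfig.Clusters[clusterName] = kc.config.Clusters[newCtx.Cluster]
+newConfig.Clusters[clusterName] = cluster
 newConfig.Contexts[name] = newCtx
 newConfig.Contexts[name].AuthInfo = userName
 newConfig.Contexts[name].Cluster = clusterName
@@ -280,5 +293,7 @@ kubecm add -f test.yaml --select-context
 kubecm add -f test.yaml --context context1,context2
 # Add kubeconfig from stdin
 cat /etc/kubernetes/admin.conf | kubecm add -f -
+# Merge test.yaml with $HOME/.kube/config and skip TLS certificate verification
+kubecm add -f test.yaml --insecure-skip-tls-verify
 `
 }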
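Review bot: In the handleContext hunk, `cluster.InsecureSkipTLSVerify = true` dereferences `cluster` without a nil check: if a context names a cluster that is absent from `kc.config.Clusters`, the map lookup yields nil, the generated `DeepCopy()` returns nil for a nil receiver, and the assignment panics where the old code only stored the nil entry. Guard it with `if kc.insecureSkipTLSVerify && cluster != nil {`. The flag is also applied to every cluster taken from the imported file and written into the merged kubeconfig with the CA fields discarded, so all later client calls on those contexts send their credentials over a connection whose server identity is never verified. The flag help in Init should say that the setting is persisted, for example `"if true, imported clusters are saved with insecure-skip-tls-verify set and their CA data removed; the server's certificate will not be checked"`. handleContext's body starts and ends outside the hunk.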
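--- a/cmd/cloud_add.go
+++ b/cmd/cloud_add.go
@@ -39,6 +39,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 context, _ := ca.command.Flags().GetStringSlice("context")
 selectContext, _ := ca.command.Flags().GetBool("select-context")
 contextTemplate, _ := ca.command.Flags().GetStringSlice("context-template")
+insecureSkipTLSVerify, _ := ca.command.Flags().GetBool("insecure-skip-tls-verify")
 var num int
 if provider == "" {
 num = selectCloud(Clouds, "Select Cloud")
@@ -77,7 +78,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, clusters[clusterNum].Name, "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, clusters[clusterNum].Name, "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -90,7 +91,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, fmt.Sprintf("alicloud-%s", clusterID), "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, fmt.Sprintf("alicloud-%s", clusterID), "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -130,7 +131,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, clusters[clusterNum].Name, "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, clusters[clusterNum].Name, "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -143,7 +144,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, fmt.Sprintf("tencent-%s", clusterID), "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, fmt.Sprintf("tencent-%s", clusterID), "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -172,7 +173,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, clusters[clusterNum].Name, "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, clusters[clusterNum].Name, "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -185,7 +186,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, fmt.Sprintf("rancher-%s", clusterID), "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, fmt.Sprintf("rancher-%s", clusterID), "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -222,7 +223,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-err = AddToLocal(newConfig, fmt.Sprintf("aws-%s", clusterID), "", cover, selectContext, contextTemplate, context)
+err = AddToLocal(newConfig, fmt.Sprintf("aws-%s", clusterID), "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 if err != nil {
 return err
 }
@@ -282,7 +283,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-return AddToLocal(newConfig, fmt.Sprintf("azure-%s", clusterID), "", cover, selectContext, contextTemplate, context)
+return AddToLocal(newConfig, fmt.Sprintf("azure-%s", clusterID), "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 }
 
 subscriptionList, err := azure.ListSubscriptions()
@@ -335,7 +336,7 @@ func (ca *CloudAddCommand) runCloudAdd(cmd *cobra.Command, args []string) error
 if err != nil {
 return err
 }
-return AddToLocal(newConfig, fmt.Sprintf("azure-%s", clusterID), "", cover, selectContext, contextTemplate, context)
+return AddToLocal(newConfig, fmt.Sprintf("azure-%s", clusterID), "", cover, selectContext, contextTemplate, context, insecureSkipTLSVerify)
 
 }
 return nil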
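Review bot: `insecureSkipTLSVerify, _ := ca.command.Flags().GetBool("insecure-skip-tls-verify")` in the first runCloudAdd hunk discards the lookup error, and this section shows no registration of that flag on the cloud add command; the only `Flags().Bool("insecure-skip-tls-verify", ...)` in the commit is in AddCommand.Init. If it is not registered elsewhere, the value is always false and the nine AddToLocal calls pass a dead argument without any error surfacing. Either register it in CloudAddCommand's Init, `ca.command.Flags().Bool("insecure-skip-tls-verify", false, "if true, the server's certificate will not be checked for validity")`, or return the GetBool error instead of dropping it. runCloudAdd's body starts and ends outside the hunks.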