github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-14 13:45:06 +00:00
Code Issues Projects Releases Wiki Activity

Make "--insecure-skip-tls-verify" work on all cases

Browse Source 
In the getting started example of AWS, the master uses an IP that is changed on
stop/start. If you are playing with a cluster and stop and start the master,
the IP is changed and you can't connect again, even using the
"--insecure-skip-tls-verify" option.

This patch fixes it and makes the option work on those cases too by making
sure no CA/CAData is added when it shouldn't.
This commit is contained in:
Rodrigo Campos
2016-03-17 17:35:16 -03:00
parent 2bb6f74bf9
commit c0af96ccc2
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/client/unversioned/clientcmd/client_config.go
View File

@@ -305,6 +305,14 @@ func (config *DirectClientConfig) getCluster() clientcmdapi.Cluster {
mergo.Merge(&mergedClusterInfo, configClusterInfo) mergo.Merge(&mergedClusterInfo, configClusterInfo)
} }
mergo.Merge(&mergedClusterInfo, config.overrides.ClusterInfo) mergo.Merge(&mergedClusterInfo, config.overrides.ClusterInfo)
// An override of --insecure-skip-tls-verify=true and no accompanying CA/CA data should clear already-set CA/CA data
// otherwise, a kubeconfig containing a CA reference would return an error that "CA and insecure-skip-tls-verify couldn't both be set"
caLen := len(config.overrides.ClusterInfo.CertificateAuthority)
caDataLen := len(config.overrides.ClusterInfo.CertificateAuthorityData)
if config.overrides.ClusterInfo.InsecureSkipTLSVerify && caLen == 0 && caDataLen == 0 {
mergedClusterInfo.CertificateAuthority = ""
mergedClusterInfo.CertificateAuthorityData = nil
}
return mergedClusterInfo return mergedClusterInfo
} }

25
pkg/client/unversioned/clientcmd/client_config_test.go
View File

@@ -65,6 +65,31 @@ func createValidTestConfig() *clientcmdapi.Config {
return config return config
} }
func createCAValidTestConfig() *clientcmdapi.Config {
config := createValidTestConfig()
config.Clusters["clean"].CertificateAuthorityData = []byte{0, 0}
return config
}
func TestInsecureOverridesCA(t *testing.T) {
config := createCAValidTestConfig()
clientBuilder := NewNonInteractiveClientConfig(*config, "clean", &ConfigOverrides{
ClusterInfo: clientcmdapi.Cluster{
InsecureSkipTLSVerify: true,
},
})
actualCfg, err := clientBuilder.ClientConfig()
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
matchBoolArg(true, actualCfg.Insecure, t)
matchStringArg("", actualCfg.TLSClientConfig.CAFile, t)
matchByteArg(nil, actualCfg.TLSClientConfig.CAData, t)
}
func TestMergeContext(t *testing.T) { func TestMergeContext(t *testing.T) {
const namespace = "overriden-namespace" const namespace = "overriden-namespace"