From 7af3c7d75ea70bd4c981bd1542dae8a66cb96bff Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Thu, 2 Oct 2014 10:25:09 -0400 Subject: [PATCH] Allow clients to skip TLS verification Adds -skip_tls_verify to any API server client. Also store in auth --- cmd/kubecfg/kubecfg.go | 4 ++++ pkg/client/flags.go | 2 ++ pkg/kubecfg/kubecfg.go | 1 + 3 files changed, 7 insertions(+) diff --git a/cmd/kubecfg/kubecfg.go b/cmd/kubecfg/kubecfg.go index 0e00ba87b8..f6dbb025b2 100644 --- a/cmd/kubecfg/kubecfg.go +++ b/cmd/kubecfg/kubecfg.go @@ -66,6 +66,7 @@ func init() { flag.StringVar(&clientConfig.CAFile, "certificate_authority", "", "Path to a cert. file for the certificate authority") flag.StringVar(&clientConfig.CertFile, "client_certificate", "", "Path to a client certificate for TLS.") flag.StringVar(&clientConfig.KeyFile, "client_key", "", "Path to a client key file for TLS.") + flag.BoolVar(&clientConfig.Insecure, "insecure_skip_tls_verify", clientConfig.Insecure, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.") } var parser = kubecfg.NewParser(map[string]runtime.Object{ @@ -197,6 +198,9 @@ func main() { if auth.KeyFile != "" { clientConfig.KeyFile = auth.KeyFile } + if auth.Insecure != nil { + clientConfig.Insecure = *auth.Insecure + } } kubeClient, err := client.New(clientConfig) if err != nil { diff --git a/pkg/client/flags.go b/pkg/client/flags.go index c838a60ba0..da6423501b 100644 --- a/pkg/client/flags.go +++ b/pkg/client/flags.go @@ -20,10 +20,12 @@ package client // and cobra pflags (Posix style). type FlagSet interface { StringVar(p *string, name, value, usage string) + BoolVar(p *bool, name string, value bool, usage string) } // BindClientConfigFlags registers a standard set of CLI flags for connecting to a Kubernetes API server. func BindClientConfigFlags(flags FlagSet, config *Config) { flags.StringVar(&config.Host, "master", config.Host, "The address of the Kubernetes API server") flags.StringVar(&config.Version, "api_version", config.Version, "The API version to use when talking to the server") + flags.BoolVar(&config.Insecure, "insecure_skip_tls_verify", config.Insecure, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.") } diff --git a/pkg/kubecfg/kubecfg.go b/pkg/kubecfg/kubecfg.go index cd1ac41565..57e9b9d94f 100644 --- a/pkg/kubecfg/kubecfg.go +++ b/pkg/kubecfg/kubecfg.go @@ -57,6 +57,7 @@ type AuthInfo struct { CAFile string CertFile string KeyFile string + Insecure *bool } // LoadAuthInfo parses an AuthInfo object from a file path. It prompts user and creates file if it doesn't exist.