8000 Respect `insecure-skip-tls-verify` on kubeconfig by Selvaticus · Pull Request #103 · cloudcoil/cloudcoil · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Respect insecure-skip-tls-verify on kubeconfig #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 15, 2025
Merged

Respect insecure-skip-tls-verify on kubeconfig #103

merged 4 commits into from
Feb 15, 2025

Conversation

Selvaticus
Copy link
Contributor

Pull Request Checklist

Description of PR
Currently, cloudcoil expect certificate data to be present on the kubeconfig and respects it. The problem is not always will users have that, although not best practice sometimes users will just want to skip the api-server certificate verification.
This is done through setting insecure-skip-tls-verify: True on the cluster data section.

Currently, cloudcoil does not check for such option and will carry on with the information available which means using the default SSLContext and using whatever CAs are available in the machine. If the machine is not set up to be able to verify the api-server certificate the connection will fail with an SSL error.

This PR adds a check for the value of insecure-skip-tls-verify and if True it will skip setting a SSLContext and will set httpx.Client to not check the server certificate

@Selvaticus
Check for skip-tls instructions
0476e85 
Signed-off-by: Diogo Silva <Selvaticus@users.noreply.github.com>
@Selvaticus Selvaticus force-pushed the respect-skip-tls-on-kubeconfig branch from 93839ca to 0476e85 Compare February 14, 2025 23:25
@sambhav
Copy link
Contributor
sambhav commented Feb 15, 2025

@Selvaticus the CI seems to be failing. Also can we name the Config flag the same as kubeconfig but snake case?

@Selvaticus
Fix lint
3bc2c0e 
Signed-off-by: Diogo Silva <Selvaticus@users.noreply.github.com>
@Selvaticus
rename flag
17786f0 
Signed-off-by: Diogo Silva <Selvaticus@users.noreply.github.com>
@Selvaticus
Copy link
Contributor Author

This probably should also be a parameter to the Config.

If it allows for a kubeconfig free set up then it should also allow for for skip tls verification, right?

@sambhav
Copy link
Contributor
sambhav commented Feb 15, 2025

I agree

@codecov Codecov
Copy link
codecov bot commented Feb 15, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

Files with missing lines Coverage Δ
cloudcoil/client/_config.py 72.44% <100.00%> (+0.78%) ⬆️

@sambhav
Add skip_verify flag to config
b701c48 
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
@sambhav sambhav enabled auto-merge (squash) February 15, 2025 22:16
@sambhav sambhav merged commit 503bf5d into cloudcoil:main Feb 15, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Selvaticus @sambhav
0