Merge pull request #179 from renoki-co/feature/skip-tls-checks-from-k…

…ubeconfig [feature] Add support for insecure-skip-tls-verify
renoki-co · Dec 30, 2021 · 9f72121 · 9f72121
2 parents 2949399 + 5356a66
commit 9f72121
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/src/Traits/Cluster/LoadsFromKubeConfig.php b/src/Traits/Cluster/LoadsFromKubeConfig.php
@@ -44,6 +44,7 @@ public static function setTempFolder(string $tempFolder)
      */
     public static function fromKubeConfigVariable(string $context = null)
     {
+        /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
         $cluster = new static;
 
         if (! isset($_SERVER['KUBECONFIG'])) {
@@ -81,6 +82,7 @@ public static function fromKubeConfigVariable(string $context = null)
      */
     public static function fromKubeConfigYaml(string $yaml, string $context = null)
     {
+        /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
         $cluster = new static;
 
         return $cluster->loadKubeConfigFromArray(yaml_parse($yaml), $context);
@@ -126,6 +128,8 @@ public static function fromKubeConfigArray(array $kubeConfigArray, string $conte
      */
     protected function loadKubeConfigFromArray(array $kubeconfig, string $context = null)
     {
+        /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
+
         // Compute the context from the method, or in case it is passed as null
         // try to find it from the current kubeconfig's "current-context" field.
         $context = $context ?: ($kubeconfig['current-context'] ?? null);
@@ -186,6 +190,10 @@ protected function loadKubeConfigFromArray(array $kubeconfig, string $context =
             $this->withToken($userConfig['user']['token']);
         }
 
+        if (isset($clusterConfig['cluster']['insecure-skip-tls-verify']) && $clusterConfig['cluster']['insecure-skip-tls-verify']) {
+            $this->withoutSslChecks();
+        }
+
         return $this;
     }
 
@@ -202,6 +210,7 @@ protected function loadKubeConfigFromArray(array $kubeconfig, string $context =
      */
     protected function writeTempFileForContext(string $context, string $fileName, string $contents)
     {
+        /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
         $tempFolder = static::$tempFolder ?: sys_get_temp_dir();
 
         $tempFilePath = $tempFolder.DIRECTORY_SEPARATOR."ctx-{$context}-{$fileName}";
@@ -226,6 +235,7 @@ protected function writeTempFileForContext(string $context, string $fileName, st
      */
     protected static function mergeKubeconfigContents(array $kubeconfig1, array $kubeconfig2): array
     {
+        /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
         $kubeconfig1 += $kubeconfig2;
 
         foreach ($kubeconfig1 as $key => $value) {

diff --git a/tests/KubeConfigTest.php b/tests/KubeConfigTest.php
@@ -60,6 +60,21 @@ public function test_kube_config_from_yaml_file_with_paths_to_ssl()
         $this->assertEquals('/path/to/.minikube/client.key', $keyPath);
     }
 
+    public function test_kube_config_from_yaml_file_with_skip_tols()
+    {
+        $cluster = KubernetesCluster::fromKubeConfigYamlFile(__DIR__.'/cluster/kubeconfig.yaml', 'minikube-skip-tls');
+
+        [
+            'verify' => $verify,
+            'cert' => $certPath,
+            'ssl_key' => $keyPath,
+        ] = $cluster->getClient()->getConfig();
+
+        $this->assertFalse($verify);
+        $this->assertEquals('/path/to/.minikube/client3.crt', $certPath);
+        $this->assertEquals('/path/to/.minikube/client3.key', $keyPath);
+    }
+
     public function test_cluster_can_get_correct_config_for_token_socket_connection()
     {
         $cluster = KubernetesCluster::fromUrl('http://127.0.0.1:8080')->loadTokenFromFile(__DIR__.'/cluster/token.txt');

diff --git a/tests/cluster/kubeconfig.yaml b/tests/cluster/kubeconfig.yaml
@@ -8,6 +8,11 @@ clusters:
     certificate-authority: /path/to/.minikube/ca.crt
     server: https://minikube-2:8443
   name: minikube-2
+- cluster:
+    certificate-authority: /path/to/.minikube/ca.crt
+    server: https://minikube-2:8443
+    insecure-skip-tls-verify: true
+  name: minikube-skip-tls
 contexts:
 - context:
     cluster: minikube
@@ -19,6 +24,11 @@ contexts:
     user: minikube-2
   name: minikube-2
   namespace: some-namespace
+- context:
+    cluster: minikube-skip-tls
+    user: minikube-skip-tls
+  name: minikube-skip-tls
+  namespace: some-namespace
 - context:
     cluster: no-cluster
     user: minikube
@@ -41,3 +51,7 @@ users:
   user:
     client-certificate: /path/to/.minikube/client.crt
     client-key: /path/to/.minikube/client.key
+- name: minikube-skip-tls
+  user:
+    client-certificate: /path/to/.minikube/client3.crt
+    client-key: /path/to/.minikube/client3.key