Remove requirement for certificate authority and certificate authority data in kubeconfig. (#222)
* Remove requirement for certificate authority data in kubeconfig. * Update src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs Update casing of `URL` at @itowlson suggestion. Co-Authored-By: twitchax <twitchax@gmail.com>
committed by
Kubernetes Prow Robot
parent
6bc54a68c4
commit
b7f79c924f
@@ -155,31 +155,23 @@ namespace k8s
|
|||||||
|
|
||||||
if (clusterDetails?.ClusterEndpoint == null)
|
if (clusterDetails?.ClusterEndpoint == null)
|
||||||
{
|
{
|
||||||
throw new KubeConfigException($"Cluster not found for context {activeContext} in kubeconfig");
|
throw new KubeConfigException($"Cluster not found for context `{activeContext}` in kubeconfig");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.Server))
|
if (string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.Server))
|
||||||
{
|
{
|
||||||
throw new KubeConfigException($"Server not found for current-context {activeContext} in kubeconfig");
|
throw new KubeConfigException($"Server not found for current-context `{activeContext}` in kubeconfig");
|
||||||
}
|
}
|
||||||
Host = clusterDetails.ClusterEndpoint.Server;
|
|
||||||
|
|
||||||
|
Host = clusterDetails.ClusterEndpoint.Server;
|
||||||
SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;
|
SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;
|
||||||
|
|
||||||
try
|
if(!Uri.TryCreate(Host, UriKind.Absolute, out Uri uri))
|
||||||
{
|
{
|
||||||
var uri = new Uri(Host);
|
throw new KubeConfigException($"Bad server host URL `{Host}` (cannot be parsed)");
|
||||||
if (uri.Scheme == "https")
|
|
||||||
{
|
|
||||||
// check certificate for https
|
|
||||||
if (!clusterDetails.ClusterEndpoint.SkipTlsVerify &&
|
|
||||||
string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData) &&
|
|
||||||
string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthority))
|
|
||||||
{
|
|
||||||
throw new KubeConfigException(
|
|
||||||
$"neither certificate-authority-data nor certificate-authority not found for current-context :{activeContext} in kubeconfig");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (uri.Scheme == "https")
|
||||||
|
{
|
||||||
if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
|
if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
|
||||||
{
|
{
|
||||||
var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
|
var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
|
||||||
@@ -191,11 +183,6 @@ namespace k8s
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (UriFormatException e)
|
|
||||||
{
|
|
||||||
throw new KubeConfigException("Bad Server host url", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
|
private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
|
||||||
{
|
{
|
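Review bot: With the certificate-authority guard removed, the `https` branch after `Uri.TryCreate` no longer says what the server certificate is checked against when `SkipTlsVerify` is false and neither `CertificateAuthorityData` nor `CertificateAuthority` is set. Presumably validation then falls back to the platform trust store, but the code that performs it is outside this hunk, so confirm that and record it at the branch, e.g. `// No CA in kubeconfig: server certificate is validated against the system trust store.` `Uri.TryCreate(Host, UriKind.Absolute, out Uri uri)` also accepts any absolute scheme, so a server value that is neither `http` nor `https` skips the TLS setup without an error; throwing a `KubeConfigException` for other schemes would close that gap. The test section of this commit only deletes `CheckClusterTlsCorrectness`; a positive test that loads an `https` kubeconfig with no CA entry would pin the new behaviour. The enclosing method starts before the hunk.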
||||||
|
|||||||
@@ -70,17 +70,6 @@ namespace k8s.Tests
|
|||||||
Assert.Equal(File.ReadAllText("assets/client-key-data.txt"), cfg.ClientCertificateKeyData);
|
Assert.Equal(File.ReadAllText("assets/client-key-data.txt"), cfg.ClientCertificateKeyData);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
|
|
||||||
/// skip
|
|
||||||
/// </summary>
|
|
||||||
[Fact]
|
|
||||||
public void CheckClusterTlsCorrectness()
|
|
||||||
{
|
|
||||||
var fi = new FileInfo("assets/kubeconfig.tls-no-skip-error.yml");
|
|
||||||
Assert.Throws<KubeConfigException>(() => KubernetesClientConfiguration.BuildConfigFromConfigFile(fi));
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
|
/// Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
|
||||||
/// skip
|
/// skip
|
||||||
|
|||||||
@@ -1,25 +0,0 @@
|
|||||||
# Sample file based on https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/
|
|
||||||
# WARNING: File includes minor fixes
|
|
||||||
---
|
|
||||||
current-context: federal-context
|
|
||||||
apiVersion: v1
|
|
||||||
clusters:
|
|
||||||
- cluster:
|
|
||||||
server: http://cow.org:8080
|
|
||||||
name: cow-cluster
|
|
||||||
- cluster:
|
|
||||||
# certificate-authority: path/to/my/cafile
|
|
||||||
server: https://horse.org:4443
|
|
||||||
name: horse-cluster
|
|
||||||
contexts:
|
|
||||||
- context:
|
|
||||||
cluster: horse-cluster
|
|
||||||
namespace: chisel-ns
|
|
||||||
user: green-user
|
|
||||||
name: federal-context
|
|
||||||
kind: Config
|
|
||||||
users:
|
|
||||||
- name: green-user
|
|
||||||
user:
|
|
||||||
client-certificate: assets/client.crt
|
|
||||||
client-key: assets/client.key
|
|
||||||