Skip to content

Commit

Permalink
Allow failover with http when tls communication is unauthorized (#1679)
Browse files Browse the repository at this point in the history
* allow failover with http when tls communication is unauthorized
  • Loading branch information
Charly Fontaine authored May 17, 2018

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 60423bc commit 4ad6d64
Showing 2 changed files with 8 additions and 1 deletion.
5 changes: 4 additions & 1 deletion pkg/util/kubernetes/kubelet/kubelet.go
Original file line number Diff line number Diff line change
@@ -395,7 +395,10 @@ func (ku *KubeUtil) setupKubeletApiEndpoint() error {
log.Debugf("Kubelet endpoint is: %s", ku.kubeletApiEndpoint)
return nil
}
return fmt.Errorf("unexpected status code %d on endpoint %s%s", code, ku.kubeletApiEndpoint, kubeletPodPath)
if code != http.StatusUnauthorized {
return fmt.Errorf("unexpected status code %d on endpoint %s%s", code, ku.kubeletApiEndpoint, kubeletPodPath)
}
log.Warn("Failed to securely reach the kubelet over HTTPS. Trying a non secure connection over HTTP. We highly recommend configuring TLS to access the kubelet")
}
log.Debugf("Cannot query %s%s: %s", ku.kubeletApiEndpoint, kubeletPodPath, httpsUrlErr)

4 changes: 4 additions & 0 deletions releasenotes/notes/kubelet-http-attempt-66433aa43e37e3f7.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
issues:
- |
If the kubelet is not configured with TLS auth, the agent will fail to communicate with the API when it should still try HTTP.

0 comments on commit 4ad6d64

Please sign in to comment.