Allow Use of Public CAs
As a public cloud operator it strikes me as odd that I have to supply a
CA certificate for every cluster that's created.  This leads to a bunch
of code that has to Dial the endpoint and extract the root CA (rather
than hard coding it - ugh!).  The whole point of the distroless base
container image is to distribute TLS root CAs, so allow the option to
use what's already present.
spjmurray committed Jul 18, 2023
1 parent 9d183bd commit 924aef2
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion pkg/scope/provider.go
Expand Up @@ -153,13 +153,14 @@ func NewProviderClient(cloud clientconfig.Cloud, caCert []byte, logger logr.Logg
}

config := &tls.Config{
RootCAs: x509.NewCertPool(),
MinVersion: tls.VersionTLS12,
}
if cloud.Verify != nil {
config.InsecureSkipVerify = !*cloud.Verify
}

if caCert != nil {
config.RootCAs = x509.NewCertPool()
config.RootCAs.AppendCertsFromPEM(caCert)
}
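Review bot: the boolean returned by `config.RootCAs.AppendCertsFromPEM(caCert)` inside the `if caCert != nil` block is still discarded, so a malformed or non-PEM `caCert` leaves the freshly created pool empty and every handshake then fails with a generic "certificate signed by unknown authority" error instead of a clear configuration error; check the result and return an error from `NewProviderClient` when no certificate was parsed. Leaving `RootCAs` nil when no CA is supplied is what makes the fallback to the host's trust store work (crypto/tls treats a nil `RootCAs` as "use the system pool"), which is the intended behaviour here, but it is also a behavioural change worth stating in the commit message: before this change an omitted `caCert` produced an empty pool that trusted nothing, so verification always failed unless `cloud.Verify` was set to false; after it, an omitted `caCert` trusts every system root in the image, and the earlier `config.InsecureSkipVerify = !*cloud.Verify` still disables verification entirely regardless of which pool is in use.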
