magnum: add an option to create insecure TLS connections

We use self-signed certificates in the openstack for test purposes. It is not always easy to bring a CA certificate. And so we ran into the problem that there is no option to not check the validity of the certificate in the autoscaler. This patch adds a new option for the magnum plugin: tls-insecure Signed-off-by: Anton Kurbatov <[email protected]>
kubernetes · Sep 25, 2022 · 4491403 · 4491403
1 parent 70efe28
commit 4491403
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/cluster-autoscaler/cloudprovider/magnum/magnum_openstack_clients.go b/cluster-autoscaler/cloudprovider/magnum/magnum_openstack_clients.go
@@ -108,6 +108,7 @@ type Config struct {
 		DomainName      string `gcfg:"domain-name"`
 		Region          string
 		CAFile          string `gcfg:"ca-file"`
+		TLSInsecure     string `gcfg:"tls-insecure"`
 		SecretName      string `gcfg:"secret-name"`
 		SecretNamespace string `gcfg:"secret-namespace"`
 	}
@@ -169,15 +170,16 @@ func createProviderClient(cfg *Config, opts config.AutoscalingOptions) (*gopherc
 
 	klog.V(5).Infof("Using user-agent %q", userAgent.Join())
 
+	config := &tls.Config{}
+	config.InsecureSkipVerify = cfg.Global.TLSInsecure == "true"
 	if cfg.Global.CAFile != "" {
 		roots, err := certutil.NewPool(cfg.Global.CAFile)
 		if err != nil {
 			return nil, err
 		}
-		config := &tls.Config{}
 		config.RootCAs = roots
-		provider.HTTPClient.Transport = netutil.SetOldTransportDefaults(&http.Transport{TLSClientConfig: config})
 	}
+	provider.HTTPClient.Transport = netutil.SetOldTransportDefaults(&http.Transport{TLSClientConfig: config})
 
 	err = openstack.AuthenticateV3(provider, authOpts, gophercloud.EndpointOpts{})
 	if err != nil {