From 449140390871ea4836cd413d3aa68d1e1e7adb1f Mon Sep 17 00:00:00 2001
From: Anton Kurbatov
Date: Sun, 25 Sep 2022 14:01:42 +0000
Subject: [PATCH] magnum: add an option to create insecure TLS connections
We use self-signed certificates in the openstack for test purposes. It is not always easy to bring a CA certificate. And so we ran into the problem that there is no option to not check the validity of the certificate in the autoscaler. This patch adds a new option for the magnum plugin: tls-insecure
Signed-off-by: Anton Kurbatov
---
 .../cloudprovider/magnum/magnum_openstack_clients.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/cluster-autoscaler/cloudprovider/magnum/magnum_openstack_clients.go b/cluster-autoscaler/cloudprovider/magnum/magnum_openstack_clients.go
index 66808ccb0a0f..2006306e316b 100644
--- a/cluster-autoscaler/cloudprovider/magnum/magnum_openstack_clients.go
+++ b/cluster-autoscaler/cloudprovider/magnum/magnum_openstack_clients.go
@@ -108,6 +108,7 @@ type Config struct {
 DomainName string `gcfg:"domain-name"`
 Region string
 CAFile string `gcfg:"ca-file"`
+ TLSInsecure string `gcfg:"tls-insecure"`
 SecretName string `gcfg:"secret-name"`
 SecretNamespace string `gcfg:"secret-namespace"`
 }
@@ -169,15 +170,16 @@ func createProviderClient(cfg *Config, opts config.AutoscalingOptions) (*gopherc
 klog.V(5).Infof("Using user-agent %q", userAgent.Join())
+ config := &tls.Config{}
+ config.InsecureSkipVerify = cfg.Global.TLSInsecure == "true"
 if cfg.Global.CAFile != "" {
 roots, err := certutil.NewPool(cfg.Global.CAFile)
 if err != nil {
 return nil, err
 }
- config := &tls.Config{}
 config.RootCAs = roots
- provider.HTTPClient.Transport = netutil.SetOldTransportDefaults(&http.Transport{TLSClientConfig: config})
 }
+ provider.HTTPClient.Transport = netutil.SetOldTransportDefaults(&http.Transport{TLSClientConfig: config})
 err = openstack.AuthenticateV3(provider, authOpts, gophercloud.EndpointOpts{})
 if err != nil {
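Review bot: The new `TLSInsecure` field has no comment, and because it is a `string` that the second hunk compares against the literal `"true"`, any other spelling (`True`, `1`, `yes`) leaves verification on with no feedback to the operator. I would document it on the field: `// TLSInsecure disables TLS certificate verification for OpenStack API connections when set to "true"; any other value keeps verification on. For test environments only.` If the config loader's bool parsing is acceptable here, a `bool` field would presumably reject misspelled values at load time instead; that needs checking against the loader. The struct declaration begins outside this hunk.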
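Review bot: Setting `tls-insecure` switches off certificate verification for the `openstack.AuthenticateV3` call that follows, so credentials travel over an unauthenticated channel, and nothing in the added lines records that this mode is active. Log it where the flag is read, e.g. `if config.InsecureSkipVerify { klog.Warning("magnum: tls-insecure is set, OpenStack endpoint certificates are not verified") }`. When `ca-file` is set as well, the loaded `RootCAs` are no longer used for verification, so that combination should at least be warned about. Moving the `provider.HTTPClient.Transport` assignment out of the `if` also replaces the transport when neither option is configured, which looks like a behaviour change for existing deployments and should be confirmed as intended. `createProviderClient` starts and ends outside this hunk.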