diff --git a/Dockerfile b/Dockerfile index 17908b425d..a5a23a2cd5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,39 +13,13 @@ # limitations under the License. # Build the manager binary -#FROM golang:1.12.9 as builder -# -## Copy in the go src -#WORKDIR ${GOPATH}/src/sigs.k8s.io/cluster-api-provider-openstack -#COPY pkg/ pkg/ -#COPY cmd/ cmd/ -#COPY vendor/ vendor/ -#COPY api/ api/ -#COPY controllers/ controllers/ -#COPY main.go main.go -#COPY go.mod go.mod -#COPY go.sum go.sum -# -## Build -#RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on GOFLAGS="-mod=vendor" \ -# go build -a -ldflags '-extldflags "-static"' \ -# -o manager sigs.k8s.io/cluster-api-provider-openstack -# -## Copy the controller-manager into a thin image -#FROM gcr.io/distroless/static:latest -#WORKDIR / -#COPY --from=builder /go/src/sigs.k8s.io/cluster-api-provider-openstack/manager . -#USER nobody -#ENTRYPOINT ["/manager"] - -# Build the manager binary -FROM golang:1.12.9 +FROM golang:1.12.9 as builder +WORKDIR /workspace # Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy ARG goproxy=https://proxy.golang.org ENV GOPROXY=$goproxy -WORKDIR /workspace # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum 
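Review bot: The comment above `ARG goproxy` documents a flag that docker does not accept: `--build_arg $(go env GOPROXY)` uses an underscore and names no variable, so anyone following it will fail to override the proxy. Proposed wording: `# Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy`. The builder base `golang:1.12.9` is referenced by tag only; pinning it by digest would fix the toolchain that compiles the manager.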
@@ -54,17 +28,17 @@ COPY go.sum go.sum RUN go mod download # Copy the sources -COPY main.go main.go -COPY api/ api/ -COPY controllers/ controllers/ -COPY pkg/ pkg/ +COPY ./ ./ -# Allow containerd to restart pods by calling /restart.sh (mostly for tilt + fast dev cycles) -# TODO: Remove this on prod and use a multi-stage build -COPY third_party/forked/rerun-process-wrapper/start.sh . -COPY third_party/forked/rerun-process-wrapper/restart.sh . +# Build +ARG ARCH +RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \ + go build -a -ldflags '-extldflags "-static"' \ + -o manager . -# Build and run -RUN go install -v . -RUN mv /go/bin/cluster-api-provider-openstack /manager -ENTRYPOINT ["./start.sh", "/manager"] +# Copy the controller-manager into a thin image +FROM gcr.io/distroless/static:latest +WORKDIR / +COPY --from=builder /workspace/manager . +USER nobody +ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index 41a6324e00..4bce06f1ef 100644 --- a/Makefile +++ b/Makefile @@ -43,9 +43,9 @@ MOCKGEN := $(TOOLS_BIN_DIR)/mockgen # Define Docker related variables. Releases should modify and double check these vars. REGISTRY ?= gcr.io/$(shell gcloud config get-value project) -STAGING_REGISTRY := gcr.io/k8s-staging-cluster-api-openstack -PROD_REGISTRY := us.gcr.io/k8s-artifacts-prod/cluster-api-openstack -IMAGE_NAME ?= cluster-api-openstack-controller +STAGING_REGISTRY := gcr.io/k8s-staging-capi-openstack +PROD_REGISTRY := us.gcr.io/k8s-artifacts-prod/capi-openstack +IMAGE_NAME ?= capi-openstack-controller CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME) TAG ?= dev ARCH ?= amd64 
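Review bot: `COPY ./ ./` sends the whole build context into the builder stage, where the four COPY lines it replaces took only Go sources. The Makefile in this commit treats `kubeconfig` and `minikube.kubeconfig` in the repository root as temporary files, and examples/generate.sh writes credentials to disk (location not visible here), so without a .dockerignore such files can land in the builder layers and the build cache. The final stage copies only `/workspace/manager`, so the shipped image is unaffected, but a .dockerignore limited to the Go sources belongs with this change. Separately, `FROM gcr.io/distroless/static:latest` is a mutable tag; pinning it as `gcr.io/distroless/static@sha256:<digest>` keeps release images reproducible.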
@@ -225,7 +225,7 @@ docker-push-manifest: ## Push the fat manifest docker image. ## Minimum docker version 18.06.0 is required for creating and pushing manifest images. docker manifest create --amend $(CONTROLLER_IMG):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(CONTROLLER_IMG)\-&:$(TAG)~g") @for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${CONTROLLER_IMG}:${TAG} ${CONTROLLER_IMG}-$${arch}:${TAG}; done - docker manifest push --purge ${CONTROLLER_IMG}:${TAG} + docker manifest push --purge $(CONTROLLER_IMG):$(TAG) MANIFEST_IMG=$(CONTROLLER_IMG) MANIFEST_TAG=$(TAG) $(MAKE) set-manifest-image .PHONY: set-manifest-image 
@@ -238,24 +238,35 @@ set-manifest-image: ## -------------------------------------- RELEASE_TAG := $(shell git describe --abbrev=0 2>/dev/null) +RELEASE_DIR := out + +$(RELEASE_DIR): + mkdir -p $(RELEASE_DIR)/ .PHONY: release -release: ## Builds and push container images using the latest git tag for the commit. +release: clean-release ## Builds and push container images using the latest git tag for the commit. @if [ -z "${RELEASE_TAG}" ]; then echo "RELEASE_TAG is not set"; exit 1; fi + @if ! [ -z "$$(git status --porcelain)" ]; then echo "Your local git repository contains uncommitted changes, use git clean before proceeding."; exit 1; fi + git checkout "${RELEASE_TAG}" # Push the release image to the staging bucket first. REGISTRY=$(STAGING_REGISTRY) TAG=$(RELEASE_TAG) \ $(MAKE) docker-build-all docker-push-all # Set the manifest image to the production bucket. MANIFEST_IMG=$(PROD_REGISTRY)/$(IMAGE_NAME) MANIFEST_TAG=$(RELEASE_TAG) \ $(MAKE) set-manifest-image - # Generate release artifacts. - mkdir -p out/ - kustomize build config/default > out/infrastructure-components.yaml + $(MAKE) release-manifests -.PHONY: release-staging-latest -release-staging-latest: ## Builds and push container images to the staging bucket using "latest" tag. - REGISTRY=$(STAGING_REGISTRY) TAG=latest \ - $(MAKE) docker-build-all docker-push-all +.PHONY: release-manifests +release-manifests: $(RELEASE_DIR) ## Builds the manifests to publish with a release + kustomize build config/default > $(RELEASE_DIR)/infrastructure-components.yaml + +.PHONY: release-staging +release-staging: ## Builds and push container images to the staging bucket. + REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build-all docker-push-all release-tag-latest + +.PHONY: release-tag-latest +release-tag-latest: ## Adds the latest tag to the last build tag. + gcloud container images add-tag $(CONTROLLER_IMG):$(TAG) $(CONTROLLER_IMG):latest ## -------------------------------------- ## Development 
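Review bot: In `release-staging`, `release-tag-latest` is passed as a third goal to the same sub-make as `docker-build-all docker-push-all`, and nothing in this hunk makes it depend on the push. Under `make -j` command-line goals are not guaranteed to run in order, so `gcloud container images add-tag` can run before the new image is pushed and either fail or move `latest` onto an older image. Running it as its own step keeps the order explicit: a second recipe line `REGISTRY=$(STAGING_REGISTRY) $(MAKE) release-tag-latest` after the build-and-push line. In `release`, `git checkout "${RELEASE_TAG}"` uses a tag taken from `git describe` with no signature check and leaves the working tree on that tag afterwards; if release tags are signed, a `git verify-tag` before the checkout would fit here.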
@@ -312,8 +323,9 @@ delete-cluster: $(CLUSTERCTL) ## Deletes the development Kubernetes Cluster "tes --bootstrap-flags="name=clusterapi" \ --cluster test1 \ --kubeconfig ./kubeconfig \ - -p ./examples/out/provider-components.yaml \ + -p ./examples/_out/provider-components.yaml \ +.PHONY: kind-reset kind-reset: ## Destroys the "clusterapi" kind cluster. kind delete cluster --name=clusterapi || true @@ -335,7 +347,10 @@ clean-bin: ## Remove all generated binaries clean-temporary: ## Remove all temporary files and folders rm -f minikube.kubeconfig rm -f kubeconfig - rm -rf out/ + +.PHONY: clean-release +clean-release: ## Remove the release folder + rm -rf $(RELEASE_DIR) .PHONY: clean-examples clean-examples: ## Remove all the temporary files generated in the examples folder diff --git a/README.md b/README.md index 398d83a756..a0900de5b8 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,8 @@ For more information, please refer to [v1alpha2](https://github.com/kubernetes-s -m examples/_out/machines.yaml \ -p examples/_out/provider-components.yaml \ -a examples/addons.yaml + # Alternatively + make create-cluster ``` - If you are using an existing Kubernetes cluster: diff --git a/config/default/manager_image_patch.yaml b/config/default/manager_image_patch.yaml index 6be964d4ca..af34776355 100644 --- a/config/default/manager_image_patch.yaml +++ b/config/default/manager_image_patch.yaml @@ -8,5 +8,5 @@ spec: spec: containers: # Change the value of image field below to your controller image URL - - image: k8scloudprovider/openstack-cluster-api-controller:latest + - image: gcr.io/k8s-staging-capi-openstack/capi-openstack-controller:dev name: manager diff --git a/controllers/openstackcluster_controller.go b/controllers/openstackcluster_controller.go index 8f159fb728..987fad56e9 100644 --- a/controllers/openstackcluster_controller.go +++ b/controllers/openstackcluster_controller.go 
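Review bot: The default manager image in config/default/manager_image_patch.yaml now points at the mutable `:dev` tag in the staging registry. Manifests built from `config/default` without going through `set-manifest-image` (examples/generate.sh builds them directly) deploy whatever was last pushed under that tag. The comment above the field should say so, for example `# Default is the staging :dev image (mutable tag); replace with a pinned tag or digest outside development`. The body of `set-manifest-image` is not part of this diff, so whether releases always rewrite this field could not be confirmed here.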
@@ -255,11 +255,11 @@ func (r *OpenStackClusterReconciler) SetupWithManager(mgr ctrl.Manager, options func (r *OpenStackClusterReconciler) getControlPlaneMachine() (*infrav1.OpenStackMachine, error) { machines := &clusterv1.MachineList{} - if err := r.Client.List(context.Background(), machines); err != nil { + if err := r.Client.List(context.TODO(), machines); err != nil { return nil, err } openStackMachines := &infrav1.OpenStackMachineList{} - if err := r.Client.List(context.Background(), openStackMachines); err != nil { + if err := r.Client.List(context.TODO(), openStackMachines); err != nil { return nil, err } diff --git a/controllers/openstackmachine_controller.go b/controllers/openstackmachine_controller.go index cfdc9cca37..b6dbace16f 100644 --- a/controllers/openstackmachine_controller.go +++ b/controllers/openstackmachine_controller.go 
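Review bot: Both `r.Client.List` calls in `getControlPlaneMachine` are issued without `client.InNamespace` or a label selector, so they return every Machine and OpenStackMachine the manager can read. The matching that follows is outside the hunk, but since the function takes no cluster argument it is worth confirming that a control-plane machine belonging to another cluster or namespace cannot be picked. `context.TODO()` marks a context that still has to be passed in; a short comment such as `// TODO: accept ctx from the caller` would record where it should come from.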
@@ -442,15 +442,28 @@ func (r *OpenStackMachineReconciler) OpenStackClusterToOpenStackMachines(o handl r.Log.Error(errors.Errorf("expected a OpenStackCluster but got a %T", o.Object), "failed to get OpenStackMachine for OpenStackCluster") return nil } + log := r.Log.WithValues("OpenStackCluster", c.Name, "Namespace", c.Namespace) - labels := map[string]string{clusterv1.MachineClusterLabelName: c.Name} - machineList := &infrav1.OpenStackMachineList{} - if err := r.List(context.Background(), machineList, client.InNamespace(c.Namespace), client.MatchingLabels(labels)); err != nil { - r.Log.Error(err, "failed to list OpenStackMachines", "OpenStackCluster", c.Name, "Namespace", c.Namespace) + cluster, err := util.GetOwnerCluster(context.TODO(), r.Client, c.ObjectMeta) + switch { + case apierrors.IsNotFound(err) || cluster == nil: + return result + case err != nil: + log.Error(err, "failed to get owning cluster") + return result + } + + labels := map[string]string{clusterv1.MachineClusterLabelName: cluster.Name} + machineList := &clusterv1.MachineList{} + if err := r.List(context.TODO(), machineList, client.InNamespace(c.Namespace), client.MatchingLabels(labels)); err != nil { + log.Error(err, "failed to list Machines") return nil } for _, m := range machineList.Items { - name := client.ObjectKey{Namespace: m.Namespace, Name: m.Name} + if m.Spec.InfrastructureRef.Name == "" { + continue + } + name := client.ObjectKey{Namespace: m.Namespace, Name: m.Spec.InfrastructureRef.Name} result = append(result, ctrl.Request{NamespacedName: name}) } diff --git a/examples/controlplane/controlplane.yaml b/examples/controlplane/controlplane.yaml index c6b7ac7119..3feb08629c 100644 --- a/examples/controlplane/controlplane.yaml +++ b/examples/controlplane/controlplane.yaml 
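Review bot: In the new `switch`, the first case `apierrors.IsNotFound(err) || cluster == nil` also matches a genuine lookup failure if `util.GetOwnerCluster` returns a nil cluster together with its error (likely, but not visible here), so `case err != nil` and its `log.Error` would never run. Testing the error first avoids dropping it silently: put `case err != nil && !apierrors.IsNotFound(err):` ahead of the not-found case. The loop also enqueues `m.Spec.InfrastructureRef.Name` without checking `InfrastructureRef.Kind`, so Machines backed by a different infrastructure kind would produce requests for OpenStackMachines that do not exist. The function begins before the hunk, where `result` and `c` are declared.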
@@ -61,7 +61,7 @@ spec: permissions: "0600" content: |- # cloud.conf to communicate with OpenStack - $OPENSTACK_CLOUD_PROVIDER_CONF + $OPENSTACK_CLOUD_PROVIDER_CONF6 - path: /etc/certs/cacert owner: root permissions: "0600" @@ -172,7 +172,7 @@ spec: permissions: "0600" content: |- # cloud.conf to communicate with OpenStack - $OPENSTACK_CLOUD_PROVIDER_CONF + $OPENSTACK_CLOUD_PROVIDER_CONF6 - path: /etc/certs/cacert owner: root permissions: "0600" @@ -254,7 +254,7 @@ spec: permissions: "0600" content: |- # cloud.conf to communicate with OpenStack - $OPENSTACK_CLOUD_PROVIDER_CONF + $OPENSTACK_CLOUD_PROVIDER_CONF6 - path: /etc/certs/cacert owner: root permissions: "0600" diff --git a/examples/generate.sh b/examples/generate.sh index 7f26822ee6..5ced287936 100755 --- a/examples/generate.sh +++ b/examples/generate.sh @@ -14,6 +14,7 @@ # limitations under the License. set -o errexit +set -o nounset # Directories. SOURCE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" @@ -113,7 +114,7 @@ PROVIDER_COMPONENTS_GENERATED_FILE=${OUTPUT_DIR}/provider-components.yaml CLUSTER_GENERATED_FILE=${OUTPUT_DIR}/cluster.yaml CONTROLPLANE_GENERATED_FILE=${OUTPUT_DIR}/controlplane.yaml MACHINEDEPLOYMENT_GENERATED_FILE=${OUTPUT_DIR}/machinedeployment.yaml -MACHINES_GENERATED_FILE=${OUTPUT_DIR}/machines.yaml +ADDONS_GENERATED_FILE=${OUTPUT_DIR}/addons.yaml rm -rf "${OUTPUT_DIR}" rm -rf "${CLOUDS_SECRETS_CONFIG_DIR}" @@ -127,7 +128,7 @@ if [[ ! -f ${MACHINE_CONTROLLER_SSH_PRIVATE_FILE} ]]; then ssh-keygen -t rsa -f ${MACHINE_CONTROLLER_SSH_PRIVATE_FILE} -N "" fi export MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT -MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT=$(cat ${MACHINE_CONTROLLER_SSH_PRIVATE_FILE}.pub) +MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT="\"$(cat ${MACHINE_CONTROLLER_SSH_PRIVATE_FILE}.pub)\"" CLOUDS_PATH=${CLOUDS_PATH:-""} OPENSTACK_CLOUD_CONFIG_PLAIN=$(cat "$CLOUDS_PATH") 
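Review bot: `set -o errexit` and the added `set -o nounset` still leave pipeline failures unnoticed. Further down, every manifest is produced by `kustomize build … | envsubst > file`, and without `set -o pipefail` a failing `kustomize` gives exit status 0 and an empty or partial output file. Adding `set -o pipefail` next to these two lines closes that gap.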
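Review bot: `MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT` now carries its own double quotes, but examples/machinedeployment/machinedeployment.yaml in this commit still substitutes it inside quotes (`- "$MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT"`). After `envsubst` that entry reads `""ssh-rsa …""`, which is not a valid YAML scalar. Either drop the quotes in that template or keep the variable unquoted here; the other templates that consume it are not visible in this diff. `${MACHINE_CONTROLLER_SSH_PRIVATE_FILE}.pub` is also expanded unquoted inside the `cat`, which breaks for paths containing spaces.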
@@ -144,24 +145,34 @@ if [[ "$DOMAIN_NAME" = "null" ]]; then fi CACERT_ORIGINAL=$(echo "$OPENSTACK_CLOUD_CONFIG_PLAIN" | yq r - clouds.${CLOUD}.cacert) +# use only the selected cloud not the whole clouds.yaml +OPENSTACK_CLOUD_CONFIG_SELECTED_CLOUD=$(echo "${OPENSTACK_CLOUD_CONFIG_PLAIN}" | yq r - clouds.${CLOUD} | yq p - clouds.${CLOUD}) + # Basic cloud.conf, no LB configuration as that data is not known yet. -export OPENSTACK_CLOUD_PROVIDER_CONF="[Global] - auth-url=$AUTH_URL - username=\"$USERNAME\" - password=\"$PASSWORD\" - tenant-id=\"$PROJECT_ID\" - domain-name=\"$DOMAIN_NAME\" +OPENSTACK_CLOUD_PROVIDER_CONF=" +[Global] +auth-url=$AUTH_URL +username=\"$USERNAME\" +password=\"$PASSWORD\" +tenant-id=\"$PROJECT_ID\" +domain-name=\"$DOMAIN_NAME\" " if [[ "$CACERT_ORIGINAL" != "null" ]]; then OPENSTACK_CLOUD_PROVIDER_CONF="$OPENSTACK_CLOUD_PROVIDER_CONF - ca-file=\"${CACERT_ORIGINAL}\" +ca-file=\"${CACERT_ORIGINAL}\" " fi if [[ "$REGION" != "null" ]]; then OPENSTACK_CLOUD_PROVIDER_CONF="$OPENSTACK_CLOUD_PROVIDER_CONF - region=\"${REGION}\" +region=\"${REGION}\" " fi + +export OPENSTACK_CLOUD_PROVIDER_CONF6 +OPENSTACK_CLOUD_PROVIDER_CONF6=$(echo "${OPENSTACK_CLOUD_PROVIDER_CONF}" | sed -e 's/^/ /') +export OPENSTACK_CLOUD_PROVIDER_CONF10 +OPENSTACK_CLOUD_PROVIDER_CONF10=$(echo "${OPENSTACK_CLOUD_PROVIDER_CONF}" | sed -e 's/^/ /') + OS=$(uname) if [[ "$OS" =~ "Linux" ]]; then # export OPENSTACK_CLOUD_PROVIDER_CONF=$(echo "$OPENSTACK_CLOUD_PROVIDER_CONF_PLAIN"|base64 -w0) @@ -180,7 +191,7 @@ else exit 1 fi -echo "${OPENSTACK_CLOUD_CONFIG_PLAIN}" > ${CLOUDS_SECRETS_CONFIG_DIR}/clouds.yaml +echo "${OPENSTACK_CLOUD_CONFIG_SELECTED_CLOUD}" > ${CLOUDS_SECRETS_CONFIG_DIR}/clouds.yaml if [[ "$CACERT_ORIGINAL" != "null" ]]; then cat "$CACERT_ORIGINAL" > ${CLOUDS_SECRETS_CONFIG_DIR}/cacert else 
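Review bot: The suffixes in `OPENSTACK_CLOUD_PROVIDER_CONF6` and `OPENSTACK_CLOUD_PROVIDER_CONF10` are unexplained; they appear to be the indentation that `sed` adds so the text fits the YAML block scalar in controlplane.yaml and machinedeployment.yaml. A comment above the two exports would stop the next template edit from breaking the pairing, for example `# CONFn = cloud.conf indented by n spaces to match the block scalar that consumes it`. `password=\"$PASSWORD\"` and the other values are interpolated unescaped, so a value containing a double quote or a newline ends the quoted value early and alters the rest of cloud.conf. Rejecting such values before building the string would make that failure explicit.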
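Review bot: `clouds.yaml` is written through a plain redirect, so it gets the shell's default umask and the selected cloud's credentials can end up group- or world-readable. Setting `umask 077` before the write, or running `chmod 600` on the file right after it, keeps the file private to the user running the script. How `${CLOUDS_SECRETS_CONFIG_DIR}` is created is outside the hunk, so the directory mode could not be checked. The redirect target is also unquoted and would break on a path containing spaces.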
@@ -188,44 +199,38 @@ else fi # Generate cluster resources. -kustomize build "${SOURCE_DIR}/cluster" --reorder=none | envsubst > "${CLUSTER_GENERATED_FILE}" +kustomize build "${SOURCE_DIR}/cluster" | envsubst > "${CLUSTER_GENERATED_FILE}" echo "Generated ${CLUSTER_GENERATED_FILE}" # Generate controlplane resources. -kustomize build "${SOURCE_DIR}/controlplane" --reorder=none | envsubst > "${CONTROLPLANE_GENERATED_FILE}" +kustomize build "${SOURCE_DIR}/controlplane" | envsubst > "${CONTROLPLANE_GENERATED_FILE}" echo "Generated ${CONTROLPLANE_GENERATED_FILE}" # Generate machinedeployment resources. -kustomize build "${SOURCE_DIR}/machinedeployment" --reorder=none | envsubst >> "${MACHINEDEPLOYMENT_GENERATED_FILE}" +kustomize build "${SOURCE_DIR}/machinedeployment" | envsubst >> "${MACHINEDEPLOYMENT_GENERATED_FILE}" echo "Generated ${MACHINEDEPLOYMENT_GENERATED_FILE}" -# combine control plane and regular machines in ${MACHINES_GENERATED_FILE} -cat ${CONTROLPLANE_GENERATED_FILE} > ${MACHINES_GENERATED_FILE} -echo "---" >> ${MACHINES_GENERATED_FILE} -#cat ${MACHINEDEPLOYMENT_GENERATED_FILE} >> ${MACHINES_GENERATED_FILE} -echo "---" >> ${MACHINES_GENERATED_FILE} -cat ${MACHINEDEPLOYMENT_GENERATED_FILE} >> ${MACHINES_GENERATED_FILE} -echo "---" >> ${MACHINES_GENERATED_FILE} -echo "Generated ${MACHINES_GENERATED_FILE}" +cp ${SOURCE_DIR}/addons.yaml "${ADDONS_GENERATED_FILE}" +echo "Generated ${ADDONS_GENERATED_FILE}" # Generate Cluster API provider components file. -kustomize build "github.com/kubernetes-sigs/cluster-api//config/default/?ref=master" --reorder=none > "${COMPONENTS_CLUSTER_API_GENERATED_FILE}" +kustomize build "github.com/kubernetes-sigs/cluster-api/config/default/?ref=master" > "${COMPONENTS_CLUSTER_API_GENERATED_FILE}" echo "Generated ${COMPONENTS_CLUSTER_API_GENERATED_FILE}" # Generate Kubeadm Bootstrap Provider components file. 
-kustomize build "github.com/kubernetes-sigs/cluster-api-bootstrap-provider-kubeadm//config/default/?ref=master" --reorder=none > "${COMPONENTS_KUBEADM_GENERATED_FILE}" +kustomize build "github.com/kubernetes-sigs/cluster-api-bootstrap-provider-kubeadm//config/default/?ref=master" > "${COMPONENTS_KUBEADM_GENERATED_FILE}" echo "Generated ${COMPONENTS_KUBEADM_GENERATED_FILE}" # Generate OpenStack Infrastructure Provider components file. -kustomize build "${SOURCE_DIR}/../config/default" --reorder=none | envsubst > "${COMPONENTS_OPENSTACK_GENERATED_FILE}" +kustomize build "${SOURCE_DIR}/../config/default" | envsubst > "${COMPONENTS_OPENSTACK_GENERATED_FILE}" echo "Generated ${COMPONENTS_OPENSTACK_GENERATED_FILE}" # Generate OpenStack Infrastructure Provider cloud-secrets file. -kustomize build "${SOURCE_DIR}/clouds-secrets" --reorder=none | envsubst > "${COMPONENTS_OPENSTACK_CLOUDS_SECRETS_GENERATED_FILE}" +kustomize build "${SOURCE_DIR}/clouds-secrets" | envsubst > "${COMPONENTS_OPENSTACK_CLOUDS_SECRETS_GENERATED_FILE}" echo "Generated ${COMPONENTS_OPENSTACK_CLOUDS_SECRETS_GENERATED_FILE}" echo "WARNING: ${COMPONENTS_OPENSTACK_CLOUDS_SECRETS_GENERATED_FILE} includes OpenStack credentials" # Generate a single provider components file. -kustomize build "${SOURCE_DIR}/provider-components"| envsubst > "${PROVIDER_COMPONENTS_GENERATED_FILE}" +kustomize build "${SOURCE_DIR}/provider-components" | envsubst > "${PROVIDER_COMPONENTS_GENERATED_FILE}" echo "Generated ${PROVIDER_COMPONENTS_GENERATED_FILE}" echo "WARNING: ${PROVIDER_COMPONENTS_GENERATED_FILE} includes OpenStack credentials" diff --git a/examples/machinedeployment/machinedeployment.yaml b/examples/machinedeployment/machinedeployment.yaml index ea1099b326..56ade01df9 100644 --- a/examples/machinedeployment/machinedeployment.yaml +++ b/examples/machinedeployment/machinedeployment.yaml 
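Review bot: The Cluster API and kubeadm bootstrap components are fetched with `?ref=master`, so each run can produce different manifests, and whatever is on that branch at the time is what gets applied to the management cluster. Pinning `ref` to a release tag or commit makes the generated files reproducible and reviewable. The first URL also lost the `//` between repository and path (`cluster-api/config/default/`) while the kubeadm URL keeps it. If that was not intentional the two should match, since kustomize's remote-target form uses `//` to separate the repository from the directory.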
@@ -68,7 +68,7 @@ spec: files: - content: |- # cloud.conf to communicate with OpenStack - $OPENSTACK_CLOUD_PROVIDER_CONF + $OPENSTACK_CLOUD_PROVIDER_CONF10 owner: root path: /etc/kubernetes/cloud.conf permissions: "0600" @@ -86,7 +86,7 @@ spec: name: '{{ local_hostname }}' ntp: servers: [] - users: - - name: ubuntu - sshAuthorizedKeys: - - "$MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT" + users: + - name: ubuntu + sshAuthorizedKeys: + - "$MACHINE_CONTROLLER_SSH_PUBLIC_FILE_CONTENT" diff --git a/go.sum b/go.sum index 805201e8ff..5cc12d950b 100644 --- a/go.sum +++ b/go.sum @@ -1,11 +1,14 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/Azure/go-autorest/autorest v0.9.0 h1:MRvx8gncNaXJqOoLmhNjUAKh33JJF8LyxPhomEtOsjs= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= +github.com/Azure/go-autorest/autorest/adal v0.6.0 h1:UCTq22yE3RPgbU/8u4scfnnzuCW6pwQ9n+uBtV78ouo= github.com/Azure/go-autorest/autorest/adal v0.6.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZtyZRg470CqAXTZaGM= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= +github.com/Azure/go-autorest/autorest/date v0.2.0 h1:yW+Zlqf26583pE43KhfnhFcdmSWlm5Ew6bxipnr/tbM= github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g= github.com/Azure/go-autorest/autorest/mocks v0.1.0 h1:Kx+AUU2Te+A3JIyYn6Dfs+cFgx5XorQKuIXrZGoq/SI= github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= 
@@ -13,6 +16,7 @@ github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxB github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= +github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY= diff --git a/pkg/cloud/services/provider/provider.go b/pkg/cloud/services/provider/provider.go index 1a3a6fe402..2a37f84ebf 100644 --- a/pkg/cloud/services/provider/provider.go +++ b/pkg/cloud/services/provider/provider.go @@ -79,8 +79,10 @@ func newClient(cloud clientconfig.Cloud, caCert []byte) (*gophercloud.ProviderCl } config := &tls.Config{ - RootCAs: x509.NewCertPool(), - InsecureSkipVerify: !*cloud.Verify, + RootCAs: x509.NewCertPool(), + } + if cloud.Verify != nil { + config.InsecureSkipVerify = !*cloud.Verify } config.RootCAs.AppendCertsFromPEM(caCert)
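Review bot: `config.RootCAs.AppendCertsFromPEM(caCert)` discards its boolean result, and `RootCAs` is a fresh empty pool. When `caCert` is empty or not valid PEM, the client therefore trusts no CA at all and every connection fails with a certificate error that does not point at the cause. Checking the result makes that explicit: `if !config.RootCAs.AppendCertsFromPEM(caCert) { return nil, errors.New("caCert contains no valid PEM certificate") }`, using whichever error constructor the file already imports. When `verify: false` is set, `InsecureSkipVerify` is switched on silently, so a log line there would make the downgrade visible. `newClient` begins and ends outside the hunk, so an earlier check on `caCert` may already exist.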