From aabfb6811cf553df8e53dca597eff1ebe7cac383 Mon Sep 17 00:00:00 2001
From: Alex Renoki
Date: Thu, 23 Dec 2021 13:47:56 +0200
Subject: [PATCH 1/3] Added support for insecure-skip-tls-verify
---
 src/Traits/Cluster/LoadsFromKubeConfig.php | 10 ++++++++++
 tests/KubeConfigTest.php | 15 +++++++++++++++
 tests/cluster/kubeconfig.yaml | 14 ++++++++++++++
 3 files changed, 39 insertions(+)
diff --git a/src/Traits/Cluster/LoadsFromKubeConfig.php b/src/Traits/Cluster/LoadsFromKubeConfig.php
index 070d47e7..8b8d8d43 100644
--- a/src/Traits/Cluster/LoadsFromKubeConfig.php
+++ b/src/Traits/Cluster/LoadsFromKubeConfig.php
@@ -44,6 +44,7 @@ public static function setTempFolder(string $tempFolder)
 */
 public static function fromKubeConfigVariable(string $context = null)
 {
+ /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
 $cluster = new static;
 if (! isset($_SERVER['KUBECONFIG'])) {
@@ -81,6 +82,7 @@ public static function fromKubeConfigVariable(string $context = null)
 */
 public static function fromKubeConfigYaml(string $yaml, string $context = null)
 {
+ /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
 $cluster = new static;
 return $cluster->loadKubeConfigFromArray(yaml_parse($yaml), $context);
@@ -112,6 +114,8 @@ public static function fromKubeConfigYamlFile(string $path = '/.kube/config', st
 */
 protected function loadKubeConfigFromArray(array $kubeconfig, string $context = null)
 {
+ /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
+
 // Compute the context from the method, or in case it is passed as null
 // try to find it from the current kubeconfig's "current-context" field.
 $context = $context ?: ($kubeconfig['current-context'] ?? null);
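Review bot: The `/** @var \RenokiCo\PhpK8s\KubernetesCluster $this */` hint added at the top of `fromKubeConfigVariable()` sits in a static method, where `$this` is never bound, so it annotates a variable that does not exist in that scope. The same applies to `fromKubeConfigYaml()` in the next hunk and to the static `mergeKubeconfigContents()` later in this file. In the two factory methods the hint belongs on the local instead, `/** @var \RenokiCo\PhpK8s\KubernetesCluster $cluster */` directly above `$cluster = new static;`, and in `mergeKubeconfigContents()` it can be dropped. The method bodies continue outside these hunks.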
@@ -146,6 +150,10 @@ protected function loadKubeConfigFromArray(array $kubeconfig, string $context =
 );
 }
+ if (isset($clusterConfig['cluster']['insecure-skip-tls-verify']) && $clusterConfig['cluster']['insecure-skip-tls-verify']) {
+ $this->withoutSslChecks();
+ }
+
 $this->url = $clusterConfig['cluster']['server'];
 if (isset($userConfig['user']['client-certificate'])) {
@@ -188,6 +196,7 @@ protected function loadKubeConfigFromArray(array $kubeconfig, string $context =
 */
 protected function writeTempFileForContext(string $context, string $fileName, string $contents)
 {
+ /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
 $tempFolder = static::$tempFolder ?: sys_get_temp_dir();
 $tempFilePath = $tempFolder.DIRECTORY_SEPARATOR."ctx-{$context}-{$fileName}";
@@ -212,6 +221,7 @@ protected function writeTempFileForContext(string $context, string $fileName, st
 */
 protected static function mergeKubeconfigContents(array $kubeconfig1, array $kubeconfig2): array
 {
+ /** @var \RenokiCo\PhpK8s\KubernetesCluster $this */
 $kubeconfig1 += $kubeconfig2;
 foreach ($kubeconfig1 as $key => $value) {
diff --git a/tests/KubeConfigTest.php b/tests/KubeConfigTest.php
index bb2de664..f81c2a63 100644
--- a/tests/KubeConfigTest.php
+++ b/tests/KubeConfigTest.php
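Review bot: The new `insecure-skip-tls-verify` condition in `loadKubeConfigFromArray()` is a truthiness test, so any non-empty value switches certificate verification off; a kubeconfig carrying the quoted string `"false"` would presumably still reach `withoutSslChecks()`. Because this branch removes server authentication for the whole connection, it should fire only on a real boolean: `if (($clusterConfig['cluster']['insecure-skip-tls-verify'] ?? false) === true) {`. The same condition is moved unchanged to the end of the method in PATCH 2/3, so the point applies there as well. The method body starts and ends outside this hunk.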
@@ -60,6 +60,21 @@ public function test_kube_config_from_yaml_file_with_paths_to_ssl()
 $this->assertEquals('/path/to/.minikube/client.key', $keyPath);
 }
+ public function test_kube_config_from_yaml_file_with_skip_tols()
+ {
+ $cluster = KubernetesCluster::fromKubeConfigYamlFile(__DIR__.'/cluster/kubeconfig.yaml', 'minikube-3');
+
+ [
+ 'verify' => $verify,
+ 'cert' => $certPath,
+ 'ssl_key' => $keyPath,
+ ] = $cluster->getClient()->getConfig();
+
+ $this->assertFalse($verify);
+ $this->assertEquals('/path/to/.minikube/client.crt', $certPath);
+ $this->assertEquals('/path/to/.minikube/client.key', $keyPath);
+ }
+
 public function test_cluster_can_get_correct_config_for_token_socket_connection()
 {
 $cluster = KubernetesCluster::fromUrl('http://127.0.0.1:8080')->loadTokenFromFile(__DIR__.'/cluster/token.txt');
diff --git a/tests/cluster/kubeconfig.yaml b/tests/cluster/kubeconfig.yaml
index df90f1e0..ae12c2bf 100644
--- a/tests/cluster/kubeconfig.yaml
+++ b/tests/cluster/kubeconfig.yaml
@@ -8,6 +8,11 @@ clusters:
 certificate-authority: /path/to/.minikube/ca.crt
 server: https://minikube-2:8443
 name: minikube-2
+- cluster:
+ certificate-authority: /path/to/.minikube/ca.crt
+ server: https://minikube-2:8443
+ insecure-skip-tls-verify: true
+ name: minikube-3
 contexts:
 - context:
 cluster: minikube
@@ -19,6 +24,11 @@ contexts:
 user: minikube-2
 name: minikube-2
 namespace: some-namespace
+- context:
+ cluster: minikube-3
+ user: minikube-3
+ name: minikube-3
+ namespace: some-namespace
 - context:
 cluster: no-cluster
 user: minikube
@@ -41,3 +51,7 @@ users:
 user:
 client-certificate: /path/to/.minikube/client.crt
 client-key: /path/to/.minikube/client.key
+- name: minikube-3
+ user:
+ client-certificate: /path/to/.minikube/client3.crt
+ client-key: /path/to/.minikube/client3.key
From 5c490ac20dc73c32ad1dd0e7fc663048ea8b769a Mon Sep 17 00:00:00 2001
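Review bot: `test_kube_config_from_yaml_file_with_skip_tols` only exercises the path where verification is switched off; nothing in this hunk pins the safe default. A companion test that loads a context whose cluster entry has no `insecure-skip-tls-verify` key, or has it set to `false`, and asserts that `$verify` is not `false` would catch a regression that disables TLS checks for every kubeconfig. The method name also misspells the flag and would read better as `test_kube_config_from_yaml_file_with_skip_tls`.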
From: Alex Renoki
Date: Thu, 23 Dec 2021 16:41:48 +0200
Subject: [PATCH 2/3] Fixed tests
---
 src/Traits/Cluster/LoadsFromKubeConfig.php | 8 ++++----
 tests/cluster/kubeconfig.yaml | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/Traits/Cluster/LoadsFromKubeConfig.php b/src/Traits/Cluster/LoadsFromKubeConfig.php
index 8b8d8d43..86e70569 100644
--- a/src/Traits/Cluster/LoadsFromKubeConfig.php
+++ b/src/Traits/Cluster/LoadsFromKubeConfig.php
@@ -150,10 +150,6 @@ protected function loadKubeConfigFromArray(array $kubeconfig, string $context =
 );
 }
- if (isset($clusterConfig['cluster']['insecure-skip-tls-verify']) && $clusterConfig['cluster']['insecure-skip-tls-verify']) {
- $this->withoutSslChecks();
- }
-
 $this->url = $clusterConfig['cluster']['server'];
 if (isset($userConfig['user']['client-certificate'])) {
@@ -176,6 +180,10 @@ protected function loadKubeConfigFromArray(array $kubeconfig, string $context =
 $this->withToken($userConfig['user']['token']);
 }
+ if (isset($clusterConfig['cluster']['insecure-skip-tls-verify']) && $clusterConfig['cluster']['insecure-skip-tls-verify']) {
+ $this->withoutSslChecks();
+ }
+
 return $this;
 }
diff --git a/tests/cluster/kubeconfig.yaml b/tests/cluster/kubeconfig.yaml
index ae12c2bf..94821903 100644
--- a/tests/cluster/kubeconfig.yaml
+++ b/tests/cluster/kubeconfig.yaml
@@ -12,7 +12,7 @@ clusters:
 certificate-authority: /path/to/.minikube/ca.crt
 server: https://minikube-2:8443
 insecure-skip-tls-verify: true
- name: minikube-3
+ name: minikube-skip-tls
 contexts:
 - context:
 cluster: minikube
@@ -25,9 +25,9 @@ contexts:
 name: minikube-2
 namespace: some-namespace
 - context:
- cluster: minikube-3
- user: minikube-3
- name: minikube-3
+ cluster: minikube-skip-tls
+ user: minikube-skip-tls
+ name: minikube-skip-tls
 namespace: some-namespace
 - context:
 cluster: no-cluster
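Review bot: With the block moved to the end of `loadKubeConfigFromArray()`, `withoutSslChecks()` now runs after the client-certificate and token handling visible in the context, and the `minikube-skip-tls` fixture shows the flag also wins over a configured `certificate-authority`, since the test asserts `verify` is `false` for that entry. A client key or bearer token from the same kubeconfig is then sent to an endpoint whose identity is not checked, and nothing in the code records that this precedence is intended. Consider rejecting a cluster entry that sets both `certificate-authority` and `insecure-skip-tls-verify` (client-go treats a CA combined with the insecure flag as a configuration error), or at least state the behaviour above the block: `// insecure-skip-tls-verify overrides any configured CA: the server certificate is NOT validated.` The method body starts outside this hunk.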
@@ -51,7 +51,7 @@ users:
 user:
 client-certificate: /path/to/.minikube/client.crt
 client-key: /path/to/.minikube/client.key
-- name: minikube-3
+- name: minikube-skip-tls
 user:
 client-certificate: /path/to/.minikube/client3.crt
 client-key: /path/to/.minikube/client3.key
From 5356a6650c9e76d2d2791c22547e316f27db8fb0 Mon Sep 17 00:00:00 2001
From: Alex Renoki
Date: Fri, 31 Dec 2021 00:11:33 +0200
Subject: [PATCH 3/3] Fixed kubeconfig name
---
 tests/KubeConfigTest.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/KubeConfigTest.php b/tests/KubeConfigTest.php
index f81c2a63..663c46e0 100644
--- a/tests/KubeConfigTest.php
+++ b/tests/KubeConfigTest.php
@@ -62,7 +62,7 @@ public function test_kube_config_from_yaml_file_with_paths_to_ssl()
 public function test_kube_config_from_yaml_file_with_skip_tols()
 {
- $cluster = KubernetesCluster::fromKubeConfigYamlFile(__DIR__.'/cluster/kubeconfig.yaml', 'minikube-3');
+ $cluster = KubernetesCluster::fromKubeConfigYamlFile(__DIR__.'/cluster/kubeconfig.yaml', 'minikube-skip-tls');
 [
 'verify' => $verify,
@@ -71,8 +71,8 @@ public function test_kube_config_from_yaml_file_with_skip_tols()
 ] = $cluster->getClient()->getConfig();
 $this->assertFalse($verify);
- $this->assertEquals('/path/to/.minikube/client.crt', $certPath);
- $this->assertEquals('/path/to/.minikube/client.key', $keyPath);
+ $this->assertEquals('/path/to/.minikube/client3.crt', $certPath);
+ $this->assertEquals('/path/to/.minikube/client3.key', $keyPath);
 }
 public function test_cluster_can_get_correct_config_for_token_socket_connection()