Support insecure ca root validation.

brendanburns · brendanburns · commit a2a39ff3c395 · 2017-06-24T07:10:30.000-07:00
diff --git a/util/src/main/java/io/kubernetes/client/util/Config.java b/util/src/main/java/io/kubernetes/client/util/Config.java
@@ -114,16 +114,22 @@ public static ApiClient fromConfig(Reader input) {
             ex.printStackTrace();
         }
 
-        // It's silly to have to do it in this order, but each SSL setup
-        // consumes the CA cert, so if we do this before the client certs
-        // are injected the cert input stream is exhausted and things get
-        // grumpy'
-        String caCert = config.getCertificateAuthorityData();
-        String caCertFile = config.getCertificateAuthorityFile();
-        try {
-            client.setSslCaCert(SSLUtils.getInputStreamFromDataOrFile(caCert, caCertFile));
-        } catch (FileNotFoundException e) {
-            e.printStackTrace();
+        if (config.verifySSL()) {
+            // It's silly to have to do it in this order, but each SSL setup
+            // consumes the CA cert, so if we do this before the client certs
+            // are injected the cert input stream is exhausted and things get
+            // grumpy'
+            String caCert = config.getCertificateAuthorityData();
+            String caCertFile = config.getCertificateAuthorityFile();
+            if (caCert != null || caCertFile != null) {
+                try {
+                    client.setSslCaCert(SSLUtils.getInputStreamFromDataOrFile(caCert, caCertFile));
+                } catch (FileNotFoundException e) {
+                    e.printStackTrace();
+                }
+            }
+        } else {
+            client.setVerifyingSsl(false);
         }
 
         String token = config.getAccessToken();
diff --git a/util/src/main/java/io/kubernetes/client/util/KubeConfig.java b/util/src/main/java/io/kubernetes/client/util/KubeConfig.java
@@ -171,6 +171,13 @@ public String getAccessToken() {
         return null;
     }
 
+    public boolean verifySSL() {
+        if (currentCluster.containsKey("insecure-skip-tls-verify")) {
+            return ! ((Boolean) currentCluster.get("insecure-skip-tls-verify")).booleanValue();
+        }
+        return true;
+    }
+
     private static String getData(Map<String, Object> obj, String key) {
         if (obj == null) {
             return null;
