remove insecureSkipTLSVerify in helm chart

Signed-off-by: chaosi-zju <chaosi@zju.edu.cn>
2023-09-05 21:44:49 +08:00 · 2023-09-05 21:44:49 +08:00 · 18f21a1677
parent 7c96e0db54
commit 18f21a1677
3 changed files with 11 additions and 3 deletions
--- a/charts/karmada/templates/_helpers.tpl
+++ b/charts/karmada/templates/_helpers.tpl
@ -213,6 +213,15 @@ app: {{$name}}
 {{- end }}
 {{- end -}}

+{{- define "karmada.apiserver.caBundle" -}}
+{{- if eq .Values.certs.mode "auto" }}
+caBundle: {{ print "{{ ca_crt }}" }}
+{{- end }}
+{{- if eq .Values.certs.mode "custom" }}
+caBundle: {{ b64enc .Values.certs.custom.caCrt }}
+{{- end }}
+{{- end -}}
+
 {{- define "karmada.webhook.caBundle" -}}
 {{- if eq .Values.certs.mode "auto" }}
 caBundle: {{ print "{{ ca_crt }}" }}
--- a/charts/karmada/templates/_karmada_apiservice.tpl
+++ b/charts/karmada/templates/_karmada_apiservice.tpl
@ -11,7 +11,7 @@ metadata:
    app: {{ $name }}-aggregated-apiserver
    apiserver: "true"
 spec:
-  insecureSkipTLSVerify: true
+  {{- include "karmada.apiserver.caBundle" . | nindent 2 }}
  group: cluster.karmada.io
  groupPriorityMinimum: 2000
  service:
@ -39,7 +39,7 @@ metadata:
    app: {{ $name }}-search
    apiserver: "true"
 spec:
-  insecureSkipTLSVerify: true
+  {{- include "karmada.apiserver.caBundle" . | nindent 2 }}
  group: search.karmada.io
  groupPriorityMinimum: 2000
  service:
--- a/charts/karmada/templates/pre-install-job.yaml
+++ b/charts/karmada/templates/pre-install-job.yaml
@ -212,7 +212,6 @@ data:
        clusters:
          - cluster:
              certificate-authority-data: {{ print "{{ ca_crt }}" }}
-              insecure-skip-tls-verify: false
              server: https://{{ $name }}-apiserver.{{ $namespace }}.svc.{{ .Values.clusterDomain }}:5443
            name: {{ $name }}-apiserver
        users: