From 18f21a1677bc47b98ceefd3973bc87584f0804be Mon Sep 17 00:00:00 2001
From: chaosi-zju <chaosi@zju.edu.cn>
Date: Tue, 5 Sep 2023 21:44:49 +0800
Subject: [PATCH] remove insecureSkipTLSVerify in helm chart

Signed-off-by: chaosi-zju <chaosi@zju.edu.cn>
---
 charts/karmada/templates/_helpers.tpl            | 9 +++++++++
 charts/karmada/templates/_karmada_apiservice.tpl | 4 ++--
 charts/karmada/templates/pre-install-job.yaml    | 1 -
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/charts/karmada/templates/_helpers.tpl b/charts/karmada/templates/_helpers.tpl
index 358138a6e..e3d7c695f 100644
--- a/charts/karmada/templates/_helpers.tpl
+++ b/charts/karmada/templates/_helpers.tpl
@@ -213,6 +213,15 @@ app: {{$name}}
 {{- end }}
 {{- end -}}
 
+{{- define "karmada.apiserver.caBundle" -}}
+{{- if eq .Values.certs.mode "auto" }}
+caBundle: {{ print "{{ ca_crt }}" }}
+{{- end }}
+{{- if eq .Values.certs.mode "custom" }}
+caBundle: {{ b64enc .Values.certs.custom.caCrt }}
+{{- end }}
+{{- end -}}
+
 {{- define "karmada.webhook.caBundle" -}}
 {{- if eq .Values.certs.mode "auto" }}
 caBundle: {{ print "{{ ca_crt }}" }}
diff --git a/charts/karmada/templates/_karmada_apiservice.tpl b/charts/karmada/templates/_karmada_apiservice.tpl
index 7f86446da..baf274e5f 100644
--- a/charts/karmada/templates/_karmada_apiservice.tpl
+++ b/charts/karmada/templates/_karmada_apiservice.tpl
@@ -11,7 +11,7 @@ metadata:
     app: {{ $name }}-aggregated-apiserver
     apiserver: "true"
 spec:
-  insecureSkipTLSVerify: true
+  {{- include "karmada.apiserver.caBundle" . | nindent 2 }}
   group: cluster.karmada.io
   groupPriorityMinimum: 2000
   service:
@@ -39,7 +39,7 @@ metadata:
     app: {{ $name }}-search
     apiserver: "true"
 spec:
-  insecureSkipTLSVerify: true
+  {{- include "karmada.apiserver.caBundle" . | nindent 2 }}
   group: search.karmada.io
   groupPriorityMinimum: 2000
   service:
diff --git a/charts/karmada/templates/pre-install-job.yaml b/charts/karmada/templates/pre-install-job.yaml
index 3d4c2d002..843229f37 100644
--- a/charts/karmada/templates/pre-install-job.yaml
+++ b/charts/karmada/templates/pre-install-job.yaml
@@ -212,7 +212,6 @@ data:
         clusters:
           - cluster:
               certificate-authority-data: {{ print "{{ ca_crt }}" }}
-              insecure-skip-tls-verify: false
               server: https://{{ $name }}-apiserver.{{ $namespace }}.svc.{{ .Values.clusterDomain }}:5443
             name: {{ $name }}-apiserver
         users: