Merge pull request #4371 from CharlesQQ/proxy-fix

fix(util/proxy): fix tls.config when secret.spec.caBundle is nil
karmada-bot 2023-12-09 14:16:07 +08:00 committed by GitHub
commit e2c6ece93a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 8 deletions


@ -137,13 +137,10 @@ func GetTlsConfigForCluster(ctx context.Context, cluster *clusterapis.Cluster, s
if err != nil {
return nil, err
}
caBundle, err := getClusterCABundle(cluster.Name, caSecret)
if err != nil {
return nil, fmt.Errorf("failed to get CA bundle for cluster %s: %v", cluster.Name, err)
}
caBundle := getClusterCABundle(caSecret)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(caBundle))
caCertPool.AppendCertsFromPEM(caBundle)
return &tls.Config{
RootCAs: caCertPool,
MinVersion: tls.VersionTLS13,
@ -221,12 +218,12 @@ func ImpersonateToken(clusterName string, secret *corev1.Secret) (string, error)
return string(token), nil
}
func getClusterCABundle(clusterName string, secret *corev1.Secret) (string, error) {
func getClusterCABundle(secret *corev1.Secret) []byte {
caBundle, found := secret.Data[clusterapis.SecretCADataKey]
if !found {
return "", fmt.Errorf("the CA bundle of cluster %s is empty", clusterName)
return []byte{}
}
return string(caBundle), nil
return caBundle
}
// SkipGroup tells whether the input group can be skipped during impersonate.
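Review bot: In GetTlsConfigForCluster the boolean returned by `caCertPool.AppendCertsFromPEM(caBundle)` is discarded, so now that getClusterCABundle returns an empty slice instead of an error, a missing or malformed CA bundle silently produces a non-nil but empty `RootCAs` pool. Go treats a non-nil empty pool as "trust no root" rather than falling back to the system roots, so verification still fails closed, but the failure moves from a construction-time error that names the cluster to an opaque unknown-authority error at handshake time. I would reject a bundle that is present but unparsable with `if len(caBundle) > 0 && !caCertPool.AppendCertsFromPEM(caBundle) { return nil, fmt.Errorf("no valid CA certificates in bundle for cluster %s", cluster.Name) }`, and add a comment stating what an absent bundle is meant to do, leaving `RootCAs` unset only if system roots are an acceptable trust anchor for member clusters. The rest of the `tls.Config` literal lies outside the hunk, so whether certificate verification can be disabled there is not visible from here.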