fix(util/proxy): fix tls.config when secret.spec.caBundle is nil

Signed-off-by: chang.qiangqiang <chang.qiangqiang@immomo.com>
chang.qiangqiang 2023-12-06 15:19:09 +08:00
parent 09a43c6f17
commit fca22c2821
1 changed files with 5 additions and 8 deletions


@ -137,13 +137,10 @@ func GetTlsConfigForCluster(ctx context.Context, cluster *clusterapis.Cluster, s
if err != nil {
return nil, err
}
caBundle, err := getClusterCABundle(cluster.Name, caSecret)
if err != nil {
return nil, fmt.Errorf("failed to get CA bundle for cluster %s: %v", cluster.Name, err)
}
caBundle := getClusterCABundle(caSecret)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(caBundle))
caCertPool.AppendCertsFromPEM(caBundle)
return &tls.Config{
RootCAs: caCertPool,
MinVersion: tls.VersionTLS13,
@ -221,12 +218,12 @@ func ImpersonateToken(clusterName string, secret *corev1.Secret) (string, error)
return string(token), nil
}
func getClusterCABundle(clusterName string, secret *corev1.Secret) (string, error) {
func getClusterCABundle(secret *corev1.Secret) []byte {
caBundle, found := secret.Data[clusterapis.SecretCADataKey]
if !found {
return "", fmt.Errorf("the CA bundle of cluster %s is empty", clusterName)
return []byte{}
}
return string(caBundle), nil
return caBundle
}
// SkipGroup tells whether the input group can be skipped during impersonate.
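Review bot: In GetTlsConfigForCluster, a secret without the `clusterapis.SecretCADataKey` entry now yields an empty bundle that is still loaded into a fresh `x509.NewCertPool()` and assigned to `RootCAs`, and the boolean result of `AppendCertsFromPEM` is discarded. crypto/tls falls back to the host root set only when `RootCAs` is nil, so an empty non-nil pool makes every handshake fail with an unknown-authority error in place of the explicit "CA bundle ... is empty" error this commit removes, assuming nothing outside the hunk disables verification. If the intent is to trust the host roots when no bundle is configured, leave the pool nil in that case and return an error when a non-empty bundle contains no parsable certificate. That fallback widens trust from a per-cluster CA to every CA installed on the host, so it deserves a comment on getClusterCABundle stating that an empty result means "use system roots". GetTlsConfigForCluster begins before the first hunk and its tls.Config literal continues past it.

```go
caBundle := getClusterCABundle(caSecret)
// A nil pool makes crypto/tls verify against the host's root CA set.
var caCertPool *x509.CertPool
if len(caBundle) > 0 {
	caCertPool = x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caBundle) {
		return nil, fmt.Errorf("no valid PEM certificate in CA bundle for cluster %s", cluster.Name)
	}
}
// … unchanged: return &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS13, …
```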