mirror of https://github.com/honestbee/drone-kubernetes.git synced 2025-10-26 03:38:03 +00:00

Clarify TLS Verfication impact

Vincent De Smet 2017-02-20 18:20:47 +08:00
parent 5c69e4ff09
commit 8da057f924
2 changed files with 10 additions and 2 deletions


@ -30,6 +30,7 @@ This more complex example demonstrates how to deploy to several environments bas
deploy-staging: deploy-staging:
image: quay.io/honestbee/drone-kubernetes image: quay.io/honestbee/drone-kubernetes
kubernetes_server: ${KUBERNETES_SERVER_STAGING} kubernetes_server: ${KUBERNETES_SERVER_STAGING}
kubernetes_cert: ${KUBERNETES_CERT_STAGING}
kubernetes_token: ${KUBERNETES_TOKEN_STAGING} kubernetes_token: ${KUBERNETES_TOKEN_STAGING}
deployment: my-deployment deployment: my-deployment
repo: myorg/myrepo repo: myorg/myrepo
@ -43,6 +44,7 @@ This more complex example demonstrates how to deploy to several environments bas
image: quay.io/honestbee/drone-kubernetes image: quay.io/honestbee/drone-kubernetes
kubernetes_server: ${KUBERNETES_SERVER_PROD} kubernetes_server: ${KUBERNETES_SERVER_PROD}
kubernetes_token: ${KUBERNETES_TOKEN_PROD} kubernetes_token: ${KUBERNETES_TOKEN_PROD}
# notice: no tls verification will be done, warning will is printed
deployment: my-deployment deployment: my-deployment
repo: myorg/myrepo repo: myorg/myrepo
container: my-container container: my-container
@ -56,10 +58,15 @@ This more complex example demonstrates how to deploy to several environments bas
drone secret add --image=honestbee/drone-kubernetes \ drone secret add --image=honestbee/drone-kubernetes \
your-user/your-repo KUBERNETES_SERVER https://mykubernetesapiserver your-user/your-repo KUBERNETES_SERVER https://mykubernetesapiserver
drone secret add --image=honestbee/drone-kubernetes \
your-user/your-repo KUBERNETES_CERT <base64 encoded CA.crt>
drone secret add --image=honestbee/drone-kubernetes \ drone secret add --image=honestbee/drone-kubernetes \
your-user/your-repo KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ... your-user/your-repo KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
When using TLS Verification, ensure Server Certificate used by kubernetes API server
is signed for SERVER url ( could be a reason for failures if using aliases of kubernetes cluster )
## To do ## To do
Replace the current kubectl bash script with a go implementation. Replace the current kubectl bash script with a go implementation.


@ -18,9 +18,10 @@ fi
kubectl config set-credentials default --token=${KUBERNETES_TOKEN} kubectl config set-credentials default --token=${KUBERNETES_TOKEN}
if [ ! -z ${KUBERNETES_CERT} ]; then if [ ! -z ${KUBERNETES_CERT} ]; then
echo ${KUBERNETES_CERT}} | base64 -d > ca.crt echo ${KUBERNETES_CERT} | base64 -d > ca.crt
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
else else
echo "WARNING: Using insecure connection to cluster"
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
fi fi
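Review bot: The guard `if [ ! -z ${KUBERNETES_CERT} ]` expands the variable unquoted, so a value containing whitespace (for example line-wrapped base64 output) makes `[` fail with a usage error, and the `if` then takes the `else` branch and configures `--insecure-skip-tls-verify=true`. That is a fail-open path: a supplied CA ends up ignored and the bearer token set just above is sent over an unverified connection, with only the new warning to show it. Quote the expansions, `if [ -n "${KUBERNETES_CERT}" ]; then` and `echo "${KUBERNETES_CERT}" | base64 -d > ca.crt`, and consider sending the warning to stderr with `>&2` so it is not lost when stdout is filtered. The script starts before this hunk, so whether `set -e` or an explicit opt-in for the insecure mode exists elsewhere is not visible here.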