add tls bundle to auth

josemaia · josemaia · commit f8bb2cb2ba27 · 2025-03-03T16:47:44.000Z
diff --git a/modules/auth/main.go b/modules/auth/main.go
@@ -38,6 +38,7 @@ func main() {
 		client.WithKubeconfig(args.KubeconfigPath()),
 		client.WithMasterUrl(args.ApiServerHost()),
 		client.WithInsecureTLSSkipVerify(args.ApiServerSkipTLSVerify()),
+		client.WithCaBundle(args.ApiServerCaBundle()),
 	)
 
 	klog.V(1).InfoS("Listening and serving insecurely on", "address", args.Address())
diff --git a/modules/auth/pkg/args/args.go b/modules/auth/pkg/args/args.go
@@ -31,6 +31,7 @@ var (
 	argKubeconfig             = pflag.String("kubeconfig", "", "path to kubeconfig file")
 	argApiServerHost          = pflag.String("apiserver-host", "", "address of the Kubernetes API server to connect to in the format of protocol://address:port, leave it empty if the binary runs inside cluster for local discovery attempt")
 	argApiServerSkipTLSVerify = pflag.Bool("apiserver-skip-tls-verify", false, "enable if connection with remote Kubernetes API server should skip TLS verify")
+	argApiServerCaBundle				 = pflag.String("apiserver-ca-bundle", "", "file containing the x509 certificates used for HTTPS connection to the API Server")
 )
 
 func init() {
@@ -59,6 +60,10 @@ func ApiServerSkipTLSVerify() bool {
 	return *argApiServerSkipTLSVerify
 }
 
+func ApiServerCaBundle() string {
+	return *argApiServerCaBundle
+}
+
 func Address() string {
 	return fmt.Sprintf("%s:%d", *argAddress, *argPort)
 }

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ func main() {`
`38`	`38`	`client.WithKubeconfig(args.KubeconfigPath()),`
`39`	`39`	`client.WithMasterUrl(args.ApiServerHost()),`
`40`	`40`	`client.WithInsecureTLSSkipVerify(args.ApiServerSkipTLSVerify()),`
	`41`	`+ client.WithCaBundle(args.ApiServerCaBundle()),`
`41`	`42`	`)`
`42`	`43`
`43`	`44`	`klog.V(1).InfoS("Listening and serving insecurely on", "address", args.Address())`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ var (`
`31`	`31`	`argKubeconfig = pflag.String("kubeconfig", "", "path to kubeconfig file")`
`32`	`32`	`argApiServerHost = pflag.String("apiserver-host", "", "address of the Kubernetes API server to connect to in the format of protocol://address:port, leave it empty if the binary runs inside cluster for local discovery attempt")`
`33`	`33`	`argApiServerSkipTLSVerify = pflag.Bool("apiserver-skip-tls-verify", false, "enable if connection with remote Kubernetes API server should skip TLS verify")`
	`34`	`+ argApiServerCaBundle = pflag.String("apiserver-ca-bundle", "", "file containing the x509 certificates used for HTTPS connection to the API Server")`
`34`	`35`	`)`
`35`	`36`
`36`	`37`	`func init() {`
`@@ -59,6 +60,10 @@ func ApiServerSkipTLSVerify() bool {`
`59`	`60`	`return *argApiServerSkipTLSVerify`
`60`	`61`	`}`
`61`	`62`
	`63`	`+func ApiServerCaBundle() string {`
	`64`	`+ return *argApiServerCaBundle`
	`65`	`+}`
	`66`	`+`
`62`	`67`	`func Address() string {`
`63`	`68`	`return fmt.Sprintf("%s:%d", argAddress, argPort)`
`64`	`69`	`}`