Add support for TLS skip verification (#306)

* Add support for TLS skip verification * Reorganize options a bit Signed-off-by: Antonio Huete Jimenez <tuxillo@quantumachine.net>
k3s-io · Aug 26, 2024 · cb8c874 · cb8c874
1 parent 227f4d3
commit cb8c874
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 17 deletions.
diff --git a/main.go b/main.go
@@ -46,6 +46,23 @@ func main() {
 			Usage:       "Certificate for DB connection",
 			Destination: &config.BackendTLSConfig.CertFile,
 		},
+		&cli.StringFlag{
+			Name:        "key-file",
+			Usage:       "Key file for DB connection",
+			Destination: &config.BackendTLSConfig.KeyFile,
+		},
+		&cli.BoolFlag{
+			Name:        "skip-verify",
+			Usage:       "Whether the TLS client should verify the server certificate.",
+			Destination: &config.BackendTLSConfig.SkipVerify,
+			Value:       false,
+		},
+		&cli.StringFlag{
+			Name:        "metrics-bind-address",
+			Usage:       "The address the metric endpoint binds to. Default :8080, set 0 to disable metrics serving.",
+			Destination: &metricsConfig.ServerAddress,
+			Value:       ":8080",
+		},
 		&cli.StringFlag{
 			Name:        "server-cert-file",
 			Usage:       "Certificate for etcd connection",
@@ -74,17 +91,6 @@ func main() {
 			Destination: &config.ConnectionPoolConfig.MaxLifetime,
 			Value:       0,
 		},
-		&cli.StringFlag{
-			Name:        "key-file",
-			Usage:       "Key file for DB connection",
-			Destination: &config.BackendTLSConfig.KeyFile,
-		},
-		&cli.StringFlag{
-			Name:        "metrics-bind-address",
-			Usage:       "The address the metric endpoint binds to. Default :8080, set 0 to disable metrics serving.",
-			Destination: &metricsConfig.ServerAddress,
-			Value:       ":8080",
-		},
 		&cli.DurationFlag{
 			Name:        "slow-sql-threshold",
 			Usage:       "The duration which SQL executed longer than will be logged. Default 1s, set <= 0 to disable slow SQL log.",

diff --git a/pkg/tls/config.go b/pkg/tls/config.go
@@ -7,9 +7,10 @@ import (
 )
 
 type Config struct {
-	CAFile   string
-	CertFile string
-	KeyFile  string
+	CAFile     string
+	CertFile   string
+	KeyFile    string
+	SkipVerify bool
 }
 
 func (c Config) ClientConfig() (*tls.Config, error) {
@@ -18,9 +19,10 @@ func (c Config) ClientConfig() (*tls.Config, error) {
 	}
 
 	info := &transport.TLSInfo{
-		CertFile:      c.CertFile,
-		KeyFile:       c.KeyFile,
-		TrustedCAFile: c.CAFile,
+		CertFile:           c.CertFile,
+		KeyFile:            c.KeyFile,
+		TrustedCAFile:      c.CAFile,
+		InsecureSkipVerify: c.SkipVerify,
 	}
 	tlsConfig, err := info.ClientConfig()
 	if err != nil {