Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove insecureSkipTLSVerify in helm chart #4033

Merged
merged 1 commit into from
Sep 11, 2023
Merged

remove insecureSkipTLSVerify in helm chart #4033

merged 1 commit into from
Sep 11, 2023

Conversation

chaosi-zju
Copy link
Member

What type of PR is this?

/kind feature

What this PR does / why we need it:

Backupground: insecureSkipTLSVerify=true means prohibit clientside from verifing the cert of serverside, this is an unsafe configuration, we can avoid unnecessary unsafe configurations.

This PR mainly aims to remove insecureSkipTLSVerify in helm chart.

Which issue(s) this PR fixes:

part of #4024

Special notes for your reviewer:

You can test helm install by following bash script:

#!/bin/bash

# clean old clusters and config
kind delete clusters --all; rm -r ~/.karmada/; rm ~/.kube/*.config; rm -r /etc/karmada
# please replace to your own local karmada repo path
cd /root/home/gopath/src/github.com/karmada
# create a Kind cluster
hack/create-cluster.sh karmada-host ~/.kube/karmada.config

export KUBECONFIG=~/.kube/karmada.config:~/.kube/karmada-apiserver.config

# pull images in advance and avoid duplicate downloads when each installation
for img in `cat charts/karmada/values.yaml | grep -C 1 'repository:' | sed 's/*karmadaImageVersion/latest/g' | awk -F ':' '{print $2}' | sed 's/\"//g' | xargs -n3 | awk '{print $1"/"$2":"$3}'`; do docker pull $img; kind load docker-image $img --name karmada-host; done

kubectl get pods -o wide -A

# helm install
helm install karmada -n karmada-system --create-namespace --dependency-update --set components={"descheduler"} ./charts/karmada --debug

# export karmada-apiserver kubeconfig
kubectl get secret -n karmada-system karmada-kubeconfig -o jsonpath={.data.kubeconfig} | base64 -d > ~/.kube/karmada-apiserver.config

Test result:
image
image
image

Does this PR introduce a user-facing change?:

none

@chaosi-zju
remove insecureSkipTLSVerify in helm chart
18f21a1 
Signed-off-by: chaosi-zju <chaosi@zju.edu.cn>
@karmada-bot karmada-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Sep 5, 2023
@karmada-bot karmada-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 5, 2023
This was referenced Sep 5, 2023
Closed
Closed
RainbowMango
RainbowMango approved these changes Sep 11, 2023
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Sep 11, 2023
@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 11, 2023
@karmada-bot karmada-bot merged commit b379023 into karmada-io:master Sep 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RainbowMango RainbowMango RainbowMango approved these changes

@calvin0327 calvin0327 Awaiting requested review from calvin0327

@pidb pidb Awaiting requested review from pidb

Assignees

@RainbowMango RainbowMango

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chaosi-zju @karmada-bot @RainbowMango