juju fails to respect kubeconfig insecure-skip-tls-verify

Bug #1905977 reported by Luke Marsden
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Juju
Fix Released
High
Ian Booth

Bug Description

I have a kubeconfig:

```
apiVersion: v1
clusters:
- cluster:
    server: https://51.210.209.124:46161
    insecure-skip-tls-verify: true
  name: minikube
```

But running `juju add-k8s myk8scloud` disregards the instruction to not do TLS verification:

```
luke@light:~/pc/charms$ juju add-k8s myk8scloud
Since Juju 2 is being run for the first time, downloaded the latest public cloud information.
This operation can be applied to both a copy on this client and to the one on a controller.
No current controller was detected and there are no registered controllers on this client: either bootstrap one or register one.
ERROR Juju needs to query the k8s cluster to ensure that the recommended
 storage defaults are available and to detect the cluster's cloud/region.
 This was not possible in this case so run add-k8s again, using
 --storage=<name> to specify the storage class to use and
 --cloud=<cloud> to specify the cloud.
: cannot determine cluster region: listing nodes: Get "https://51.210.209.124:46161/api/v1/nodes?limit=5": x509: certificate is valid for 127.0.0.1, 172.17.0.1, 10.96.0.1, 127.0.0.1, 10.0.0.1, not 51.210.209.124
```

Juju should respect the kubeconfig parameter and not do TLS verification if it's told not to.

Revision history for this message
Luke Marsden (lukemarsden) wrote :
Ian Booth (wallyworld)
Changed in juju:
milestone: none → 2.8.7
status: New → Triaged
importance: Undecided → High
Ian Booth (wallyworld)
Changed in juju:
assignee: nobody → Ian Booth (wallyworld)
status: Triaged → In Progress
Ian Booth (wallyworld)
Changed in juju:
milestone: 2.8.7 → 2.8.8
Ian Booth (wallyworld)
Changed in juju:
status: In Progress → Fix Committed
Ian Booth (wallyworld)
Changed in juju:
milestone: 2.8.8 → 2.8.7
Changed in juju:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.