Clarify TLS Verfication impact
parent
5c69e4ff09
commit
8da057f924
|
@ -30,6 +30,7 @@ This more complex example demonstrates how to deploy to several environments bas
|
||||||
deploy-staging:
|
deploy-staging:
|
||||||
image: quay.io/honestbee/drone-kubernetes
|
image: quay.io/honestbee/drone-kubernetes
|
||||||
kubernetes_server: ${KUBERNETES_SERVER_STAGING}
|
kubernetes_server: ${KUBERNETES_SERVER_STAGING}
|
||||||
|
kubernetes_cert: ${KUBERNETES_CERT_STAGING}
|
||||||
kubernetes_token: ${KUBERNETES_TOKEN_STAGING}
|
kubernetes_token: ${KUBERNETES_TOKEN_STAGING}
|
||||||
deployment: my-deployment
|
deployment: my-deployment
|
||||||
repo: myorg/myrepo
|
repo: myorg/myrepo
|
||||||
|
@ -43,6 +44,7 @@ This more complex example demonstrates how to deploy to several environments bas
|
||||||
image: quay.io/honestbee/drone-kubernetes
|
image: quay.io/honestbee/drone-kubernetes
|
||||||
kubernetes_server: ${KUBERNETES_SERVER_PROD}
|
kubernetes_server: ${KUBERNETES_SERVER_PROD}
|
||||||
kubernetes_token: ${KUBERNETES_TOKEN_PROD}
|
kubernetes_token: ${KUBERNETES_TOKEN_PROD}
|
||||||
|
# notice: no tls verification will be done, warning will is printed
|
||||||
deployment: my-deployment
|
deployment: my-deployment
|
||||||
repo: myorg/myrepo
|
repo: myorg/myrepo
|
||||||
container: my-container
|
container: my-container
|
||||||
|
@ -56,10 +58,15 @@ This more complex example demonstrates how to deploy to several environments bas
|
||||||
drone secret add --image=honestbee/drone-kubernetes \
|
drone secret add --image=honestbee/drone-kubernetes \
|
||||||
your-user/your-repo KUBERNETES_SERVER https://mykubernetesapiserver
|
your-user/your-repo KUBERNETES_SERVER https://mykubernetesapiserver
|
||||||
|
|
||||||
|
drone secret add --image=honestbee/drone-kubernetes \
|
||||||
|
your-user/your-repo KUBERNETES_CERT <base64 encoded CA.crt>
|
||||||
|
|
||||||
drone secret add --image=honestbee/drone-kubernetes \
|
drone secret add --image=honestbee/drone-kubernetes \
|
||||||
your-user/your-repo KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
|
your-user/your-repo KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
|
||||||
|
|
||||||
|
When using TLS Verification, ensure Server Certificate used by kubernetes API server
|
||||||
|
is signed for SERVER url ( could be a reason for failures if using aliases of kubernetes cluster )
|
||||||
|
|
||||||
## To do
|
## To do
|
||||||
|
|
||||||
Replace the current kubectl bash script with a go implementation.
|
Replace the current kubectl bash script with a go implementation.
|
||||||
|
|
|
@ -18,9 +18,10 @@ fi
|
||||||
|
|
||||||
kubectl config set-credentials default --token=${KUBERNETES_TOKEN}
|
kubectl config set-credentials default --token=${KUBERNETES_TOKEN}
|
||||||
if [ ! -z ${KUBERNETES_CERT} ]; then
|
if [ ! -z ${KUBERNETES_CERT} ]; then
|
||||||
echo ${KUBERNETES_CERT}} | base64 -d > ca.crt
|
echo ${KUBERNETES_CERT} | base64 -d > ca.crt
|
||||||
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
|
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
|
||||||
else
|
else
|
||||||
|
echo "WARNING: Using insecure connection to cluster"
|
||||||
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
|
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
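Review bot: The `else` branch still configures the cluster with `--insecure-skip-tls-verify=true` whenever `KUBERNETES_CERT` is empty, so the bearer token set just above is sent to an endpoint whose identity is never checked; the added warning makes that visible but does not prevent it, and it is written to stdout where it is easily lost in build output. I would at least send it to stderr, `echo "WARNING: Using insecure connection to cluster" >&2`, and consider failing unless the insecure mode is explicitly requested, since the README's production example in this same commit takes this path. In the certificate branch the expansions are unquoted and the decode result is unchecked; `if [ -n "${KUBERNETES_CERT}" ]; then` and `printf '%s' "${KUBERNETES_CERT}" | base64 -d > ca.crt || exit 1` would stop on a malformed secret instead of continuing with a bad `ca.crt`. The script begins and ends outside this hunk, so any earlier error handling is not visible here.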