Clarify TLS Verification impact

Vincent De Smet 2017-02-20 18:20:47 +08:00
parent 5c69e4ff09
commit 8da057f924
2 changed files with 10 additions and 2 deletions

@ -30,6 +30,7 @@ This more complex example demonstrates how to deploy to several environments bas
deploy-staging:
image: quay.io/honestbee/drone-kubernetes
kubernetes_server: ${KUBERNETES_SERVER_STAGING}
kubernetes_cert: ${KUBERNETES_CERT_STAGING}
kubernetes_token: ${KUBERNETES_TOKEN_STAGING}
deployment: my-deployment
repo: myorg/myrepo
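
Review bot: the deploy-staging block reads its CA from ${KUBERNETES_CERT_STAGING}, but the drone secret add commands further down this README only register KUBERNETES_CERT with no environment suffix, so a reader copying both ends up with an empty kubernetes_cert. Suggest showing the secret under the name the example consumes, or adding a sentence that each environment needs its own suffixed secret.
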
@ -43,6 +44,7 @@ This more complex example demonstrates how to deploy to several environments bas
image: quay.io/honestbee/drone-kubernetes
kubernetes_server: ${KUBERNETES_SERVER_PROD}
kubernetes_token: ${KUBERNETES_TOKEN_PROD}
# notice: no tls verification will be done, warning will is printed
deployment: my-deployment
repo: myorg/myrepo
container: my-container
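
Review bot: the production block is the one left without kubernetes_cert, so the example for the most sensitive environment is the one that deploys with TLS verification off, and the comment after kubernetes_token has a typo ("warning will is printed"). Suggest giving this block a kubernetes_cert entry as in deploy-staging (for instance a KUBERNETES_CERT_PROD secret, following the naming already used here) and moving the no-verification case into a separate, clearly labelled snippet. If it stays, reword the comment to "# notice: no TLS verification is done, a warning is printed".
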
@ -56,10 +58,15 @@ This more complex example demonstrates how to deploy to several environments bas
drone secret add --image=honestbee/drone-kubernetes \
your-user/your-repo KUBERNETES_SERVER https://mykubernetesapiserver
drone secret add --image=honestbee/drone-kubernetes \
your-user/your-repo KUBERNETES_CERT <base64 encoded CA.crt>
drone secret add --image=honestbee/drone-kubernetes \
your-user/your-repo KUBERNETES_TOKEN eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJ...
When using TLS Verification, ensure Server Certificate used by kubernetes API server
is signed for SERVER url ( could be a reason for failures if using aliases of kubernetes cluster )
## To do
Replace the current kubectl bash script with a go implementation.
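
Review bot: the sentence added after the drone secret add commands says the certificate must be "signed for SERVER url", which does not tell the reader what to check when a deploy fails. Suggest stating that the host name in KUBERNETES_SERVER must match a name in the certificate presented by the API server (so an alias that is not in the certificate fails verification), and that KUBERNETES_CERT must be the base64 of the CA certificate that issued it, since the script decodes it with base64 -d into ca.crt.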

@ -18,9 +18,10 @@ fi
kubectl config set-credentials default --token=${KUBERNETES_TOKEN}
if [ ! -z ${KUBERNETES_CERT} ]; then
echo ${KUBERNETES_CERT}} | base64 -d > ca.crt
echo ${KUBERNETES_CERT} | base64 -d > ca.crt
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt
else
echo "WARNING: Using insecure connection to cluster"
kubectl config set-cluster default --server=${KUBERNETES_SERVER} --insecure-skip-tls-verify=true
fi
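
Review bot: in the else branch the script prints the warning and then still runs set-cluster with --insecure-skip-tls-verify=true, so a missing or misnamed KUBERNETES_CERT secret downgrades the deploy with only a log line to show for it, and the token from set-credentials is presented to a server whose identity was never checked. Suggest exiting non-zero when KUBERNETES_CERT is empty unless the user has explicitly opted in to an insecure connection, and writing the warning to stderr. The expansions should also be quoted: [ ! -z ${KUBERNETES_CERT} ] and echo ${KUBERNETES_CERT} both misbehave on values containing whitespace; prefer [ -n "${KUBERNETES_CERT}" ] and printf '%s' "${KUBERNETES_CERT}" | base64 -d > ca.crt.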