No support for invalid K8S-API EP certs #769

Open
crkurz opened this issue Dec 16, 2024 · 0 comments

crkurz commented Dec 16, 2024

What happened?

In case a K8S cluster EP has invalid certifications, kubectl allows adding insecure-skip-tls-verify: true as shown below:

clusters:
  - name: cluster-abc
    cluster:
      server: https://...:6443
      insecure-skip-tls-verify: true

Gefyra currently ignores this information.

More generally: how to handle any other additional config info? (if possible)

What did you expect to happen?

Gefyra should honour insecure-skip-tls-verify: true in Gefyra Client.

Please provide the output of gefyra check.

.

How can we reproduce it (as minimally and precisely as possible)?

.

What Kubernetes setup are you working with?

$ kubectl version
# paste output here

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Anything else we need to know?

Work-around: patch Gefyra client

Patch needed in configuration.py: ClientConfiguration._init_kubeapi().

  self.K8S_APP_API = AppsV1Api()
  self.K8S_APP_API.api_client.configuration.verify_ssl = False  # <--- addition needed in case cluster is configured with insecure-skip-tls-verify:true

The second change needed: local/utils.py: compose_kubeconfig_for_serviceaccount():

clusters:
  - name: default-cluster
    cluster:
      certificate-authority-data: {ca}
      server: {server}
      insecure-skip-tls-verify: true          # <---- addition needed in case cluster is configured with insecure-skip-tls-verify:true
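
An added example, not part of the issue and not Gefyra's code: one way to make both changes conditional, so certificate verification is switched off only for a cluster whose kubeconfig entry explicitly sets `insecure-skip-tls-verify: true` and stays on for every other cluster. All function names are hypothetical; it assumes the kubeconfig is already parsed into a dict and that the client configuration object exposes `verify_ssl` as in the patched line above.

```python
import logging

log = logging.getLogger("kubeconfig-tls")

# Constructed sample: a parsed kubeconfig, shaped as a YAML loader would return it.
SAMPLE_KUBECONFIG = {
    "current-context": "ctx-abc",
    "contexts": [
        {"name": "ctx-abc", "context": {"cluster": "cluster-abc", "user": "u"}},
        {"name": "ctx-ok", "context": {"cluster": "cluster-ok", "user": "u"}},
    ],
    "clusters": [
        {"name": "cluster-abc",
         "cluster": {"server": "https://k8s.example.invalid:6443",
                     "insecure-skip-tls-verify": True}},
        {"name": "cluster-ok",
         "cluster": {"server": "https://k8s-ok.example.invalid:6443",
                     "certificate-authority-data": "Q09OU1RSVUNURUQ="}},
    ],
}

def cluster_for_context(kubeconfig, context=None):
    """Return the cluster dict that the given (or current) context points at."""
    ctx_name = context or kubeconfig["current-context"]
    ctx = next(c["context"] for c in kubeconfig["contexts"] if c["name"] == ctx_name)
    return next(c["cluster"] for c in kubeconfig["clusters"] if c["name"] == ctx["cluster"])

def skip_tls_verify(cluster):
    """True only for the literal boolean true; any other value keeps verification on."""
    return cluster.get("insecure-skip-tls-verify") is True

def apply_tls_setting(configuration, cluster):
    """Set verify_ssl on a client configuration object from the cluster entry."""
    configuration.verify_ssl = not skip_tls_verify(cluster)
    if not configuration.verify_ssl:
        log.warning("TLS verification disabled for %s", cluster["server"])
    return configuration

def compose_cluster_stanza(cluster, ca, name="default-cluster"):
    """Render the clusters: section; the insecure flag is added only if the source had it."""
    lines = ["clusters:", f"  - name: {name}", "    cluster:",
             f"      certificate-authority-data: {ca}",
             f"      server: {cluster['server']}"]
    if skip_tls_verify(cluster):
        lines.append("      insecure-skip-tls-verify: true")
    return "\n".join(lines) + "\n"
```

Logging a warning whenever verification is disabled leaves a trace that a connection was made without server authentication.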