- added --insecureSkipTLSVerify parameter

robscott · Dec 30, 2024 · 1b72515 · 1b72515
1 parent a2b2f0f
commit 1b72515
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 25 deletions.
diff --git a/pkg/capacity/capacity.go b/pkg/capacity/capacity.go
@@ -31,7 +31,7 @@ import (
 
 // FetchAndPrint gathers cluster resource data and outputs it
 func FetchAndPrint(opts Options) {
-	clientset, err := kube.NewClientSet(opts.KubeContext, opts.KubeConfig, opts.ImpersonateUser, opts.ImpersonateGroup)
+	clientset, err := kube.NewClientSet(opts.KubeContext, opts.KubeConfig, opts.InsecureSkipTLSVerify, opts.ImpersonateUser, opts.ImpersonateGroup)
 	if err != nil {
 		fmt.Printf("Error connecting to Kubernetes: %v\n", err)
 		os.Exit(1)
@@ -42,7 +42,7 @@ func FetchAndPrint(opts Options) {
 	var nmList *v1beta1.NodeMetricsList
 
 	if opts.ShowUtil {
-		mClientset, err := kube.NewMetricsClientSet(opts.KubeContext, opts.KubeConfig)
+		mClientset, err := kube.NewMetricsClientSet(opts.KubeContext, opts.KubeConfig, opts.InsecureSkipTLSVerify)
 		if err != nil {
 			fmt.Printf("Error connecting to Metrics API: %v\n", err)
 			os.Exit(4)

diff --git a/pkg/capacity/options.go b/pkg/capacity/options.go
@@ -3,21 +3,22 @@ package capacity
 // Options is a struct containing the command line options
 // FetchAndPrint depends on
 type Options struct {
-	ShowContainers   bool
-	ShowPods         bool
-	ShowUtil         bool
-	ShowPodCount     bool
-	PodLabels        string
-	NodeLabels       string
-	NodeTaints       string
-	ExcludeTainted   bool
-	NamespaceLabels  string
-	Namespace        string
-	KubeContext      string
-	KubeConfig       string
-	OutputFormat     string
-	SortBy           string
-	AvailableFormat  bool
-	ImpersonateUser  string
-	ImpersonateGroup string
+	ShowContainers        bool
+	ShowPods              bool
+	ShowUtil              bool
+	ShowPodCount          bool
+	PodLabels             string
+	NodeLabels            string
+	NodeTaints            string
+	ExcludeTainted        bool
+	NamespaceLabels       string
+	Namespace             string
+	KubeContext           string
+	KubeConfig            string
+	InsecureSkipTLSVerify bool
+	OutputFormat          string
+	SortBy                string
+	AvailableFormat       bool
+	ImpersonateUser       string
+	ImpersonateGroup      string
 }
diff --git a/pkg/cmd/root.go b/pkg/cmd/root.go
@@ -69,6 +69,8 @@ func init() {
 		"context", "", "", "context to use for Kubernetes config")
 	rootCmd.PersistentFlags().StringVarP(&opts.KubeConfig,
 		"kubeconfig", "", "", "kubeconfig file to use for Kubernetes config")
+	rootCmd.PersistentFlags().BoolVarP(&opts.InsecureSkipTLSVerify,
+		"insecure-skip-tls-verify", "", false, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")
 	rootCmd.PersistentFlags().StringVarP(&opts.SortBy,
 		"sort", "", "name",
 		fmt.Sprintf("attribute to sort results by (supports: %v)", capacity.SupportedSortAttributes))

diff --git a/pkg/kube/clientset.go b/pkg/kube/clientset.go
@@ -18,15 +18,16 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	metrics "k8s.io/metrics/pkg/client/clientset/versioned"
 
 	// Required for GKE, OIDC, and more
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 )
 
 // NewClientSet returns a new Kubernetes clientset
-func NewClientSet(kubeContext, kubeConfig string, impersonateUser string, impersonateGroup string) (*kubernetes.Clientset, error) {
-	config, err := getKubeConfig(kubeContext, kubeConfig)
+func NewClientSet(kubeContext, kubeConfig string, FlagInsecure bool, impersonateUser string, impersonateGroup string) (*kubernetes.Clientset, error) {
+	config, err := getKubeConfig(kubeContext, kubeConfig, FlagInsecure)
 	if err != nil {
 		return nil, err
 	}
@@ -45,22 +46,22 @@ func NewClientSet(kubeContext, kubeConfig string, impersonateUser string, impers
 }
 
 // NewMetricsClientSet returns a new clientset for Kubernetes metrics
-func NewMetricsClientSet(kubeContext, kubeConfig string) (*metrics.Clientset, error) {
-	config, err := getKubeConfig(kubeContext, kubeConfig)
+func NewMetricsClientSet(kubeContext, kubeConfig string, FlagInsecure bool) (*metrics.Clientset, error) {
+	config, err := getKubeConfig(kubeContext, kubeConfig, FlagInsecure)
 	if err != nil {
 		return nil, err
 	}
 
 	return metrics.NewForConfig(config)
 }
 
-func getKubeConfig(kubeContext, kubeConfig string) (*rest.Config, error) {
+func getKubeConfig(kubeContext, kubeConfig string, insecureSkipTLSVerify bool) (*rest.Config, error) {
 	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
 	if kubeConfig != "" {
 		loadingRules.ExplicitPath = kubeConfig
 	}
 	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
 		loadingRules,
-		&clientcmd.ConfigOverrides{CurrentContext: kubeContext},
+		&clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{InsecureSkipTLSVerify: insecureSkipTLSVerify}, CurrentContext: kubeContext},
 	).ClientConfig()
 }