Commit
SECURITY: Kubeclient::Config: return ssl_options[:verify_ssl] correctly
- VULNERABILITY FIX: Previously, whenever kubeconfig did not define custom CA (normal situation for production clusters with public domain and certificate!), `Config` was returning hard-coded `VERIFY_NONE` :-(

  Assuming you passed those ssl_options to Kubeclient::Client, this means that instead of checking server's certificate against your system CA store, it would accept ANY certificate, allowing easy man-in-the-middle attacks.

  This is especially dangerous with user/password or token credentials because MITM attacker could simply steal those credentials to the cluster and do anything you could do on the cluster.

- Bug fix: kubeconfig `insecure-skip-tls-verify` field was ignored. When kubeconfig did define custom CA, `Config` was returning hard-coded `VERIFY_PEER`.

  Now we honor it, return `VERIFY_NONE` iff kubeconfig has explicit `insecure-skip-tls-verify: true`, otherwise `VERIFY_PEER`.

These don't affect code that supplies `Client` parameters directly, only code that uses `Config`.

(To ease back-porting, this commit is rebased directly on the 6-year-old PR that introduced Kubeclient::Config - this was broken from day 1! #127
Tests come in separate commits based on later points.)
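The before and after behaviour described in the commit message, as an added Ruby example (not code from this commit or from Kubeclient). The helper names and the sample kubeconfig are constructed for illustration, and the custom CA is assumed to be declared with `certificate-authority` or `certificate-authority-data`.

```ruby
require 'yaml'
require 'openssl'

# Constructed kubeconfig fragment (sample data, not taken from the commit).
SAMPLE_KUBECONFIG = YAML.safe_load(<<~EOS)
  clusters:
  - name: public-ca
    cluster:
      server: https://k8s.example.com
  - name: custom-ca
    cluster:
      server: https://10.0.0.1:6443
      certificate-authority: /etc/kube/ca.crt
  - name: custom-ca-insecure
    cluster:
      server: https://10.0.0.1:6443
      certificate-authority: /etc/kube/ca.crt
      insecure-skip-tls-verify: true
EOS

# Hypothetical helper: look up one cluster entry by name.
def cluster(name)
  SAMPLE_KUBECONFIG['clusters'].find { |c| c['name'] == name }['cluster']
end

def custom_ca?(c)
  c.key?('certificate-authority') || c.key?('certificate-authority-data')
end

# Behaviour before the fix, as the message describes it: the verify mode
# depended only on whether a custom CA was present.
def legacy_verify_mode(c)
  custom_ca?(c) ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
end

# Behaviour after the fix: VERIFY_NONE only on an explicit
# `insecure-skip-tls-verify: true`, VERIFY_PEER in every other case.
def fixed_verify_mode(c)
  c['insecure-skip-tls-verify'] == true ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
end

# Names of clusters whose verification mode changes with the fix.
def changed_clusters
  SAMPLE_KUBECONFIG['clusters']
    .select { |e| legacy_verify_mode(e['cluster']) != fixed_verify_mode(e['cluster']) }
    .map { |e| e['name'] }
end
```

Running `changed_clusters` over your own kubeconfig contexts shows which ones were connecting without certificate verification before the fix and which ones will stop verifying after it.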