install-cni.sh should use cacert instead of --insecure #93

anfernee · 2020-08-18T15:54:02Z

Lines 75 to 79 in 6cd97fd

    
           token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) 
        
           node_url="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/api/v1/nodes/${HOSTNAME}" 
        
           response=$(curl -k -s -H "Authorization: Bearer $token" $node_url) 
        
           ipv4_subnet=$(echo $response | jq '.spec.podCIDR')

we are using curl -k which is insecure. We should use --cacert with the ca cert in the same folder as token file.

The text was updated successfully, but these errors were encountered:

anfernee · 2020-08-18T15:54:20Z

cc @bcheung

It appears some "expected errors" still pop up causing user confusion, so do the redirection, restore -m as some further safeguard, and since we're touching this line, fix GoogleCloudPlatform#93 along the way.

bcheung mentioned this issue Aug 21, 2020

Install CNI Refactor #97

Open

jingyuanliang mentioned this issue Oct 14, 2024

Redirect curl errors during node object fetching to stdout #373

Merged

google-oss-prow bot closed this as completed in #373 Oct 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

install-cni.sh should use cacert instead of --insecure #93

install-cni.sh should use cacert instead of --insecure #93

anfernee commented Aug 18, 2020

anfernee commented Aug 18, 2020

install-cni.sh should use cacert instead of --insecure #93

install-cni.sh should use cacert instead of --insecure #93

Comments

anfernee commented Aug 18, 2020

anfernee commented Aug 18, 2020