From c8fdb35d6519846ff9b521bc6d915d2a074f9988 Mon Sep 17 00:00:00 2001 From: Alexander Chernov Date: Wed, 13 Dec 2023 12:21:28 +0000 Subject: [PATCH] Added `tls_server_name` option --- docs/index.md | 1 + kubernetes/provider.go | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/docs/index.md b/docs/index.md index fefd6058..5bf0040c 100755 --- a/docs/index.md +++ b/docs/index.md @@ -70,6 +70,7 @@ The following arguments are supported: * `config_context_cluster` - (Optional) Cluster context of the kube config (name of the kubeconfig cluster, `--cluster` flag in `kubectl`). Can be sourced from `KUBE_CTX_CLUSTER`. * `token` - (Optional) Token of your service account. Can be sourced from `KUBE_TOKEN`. * `proxy_url` - (Optional) URL to the proxy to be used for all API requests. URLs with "http", "https", and "socks5" schemes are supported. Can be sourced from `KUBE_PROXY_URL`. +* `tls_server_name` - (Optional) Server name passed to the server for SNI and is used in the client to check server certificates against. * `exec` - (Optional) Configuration block to use an [exec-based credential plugin] (https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials. * `api_version` - (Required) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`. * `command` - (Required) Command to execute. diff --git a/kubernetes/provider.go b/kubernetes/provider.go index 8fd0e7f1..a9396240 100644 --- a/kubernetes/provider.go +++ b/kubernetes/provider.go @@ -132,6 +132,12 @@ func Provider() *schema.Provider { DefaultFunc: schema.EnvDefaultFunc("KUBE_LOAD_CONFIG_FILE", true), Description: "Load local kubeconfig.", }, + "tls_server_name": { + Type: schema.TypeString, + Optional: true, + Description: "Server name passed to the server for SNI and is used in the client to check server certificates against.", + DefaultFunc: schema.EnvDefaultFunc("KUBE_TLS_SERVER_NAME", ""), + }, "exec": { Type: schema.TypeList, Optional: true, @@ -383,6 +389,9 @@ func initializeConfiguration(d *schema.ResourceData) (*restclient.Config, error) if v, ok := d.GetOk("proxy_url"); ok { overrides.ClusterDefaults.ProxyURL = v.(string) } + if v, ok := d.GetOk("tls_server_name"); ok { + overrides.ClusterInfo.TLSServerName = v.(string) + } cc := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loader, overrides) cfg, err := cc.ClientConfig()