search

vmware-tanzu / velero

Backup and migrate Kubernetes applications and their persistent volumes
https://velero.io
Apache License 2.0
8.41k stars 1.37k forks source link

How to skip hostname validation in the client used by NewPodCommandExecutor #7765

Open sai-sandeep-1 opened 2 months ago

sai-sandeep-1 commented 2 months ago

https://github.com/vmware-tanzu/velero/blob/4d48273a24969b748b6c2c68f376928053188102/pkg/podexec/pod_command_executor.go#L57

I have a use case where the server certificate is self-signed and doesn't have a hostname in the SAN

How can I make it so that the hostname validation is skipped but the certificate verification still happens when using the PodCommandExecutor?

Most kubernetes clients support constructors that allow passing the HTTP client func NewForConfigAndClient(c *rest.Config, h *http.Client) this helps in configuring the TLS in the HTTP client to skip the hostname validation if needed.

Is there something that can be done for the pod command executor?

reasonerjt commented 2 months ago

Are you trying to import velero's package in your code? Please feel free to fork the repo to add such support, but it may not be merged into upstream, because at the moment velero doesn't have a use case to skip cert when executing hooks.

sai-sandeep-1 commented 1 month ago

Yes, I am using velero as a package in the code. Got it