add --disable-certificate-verify command line argument

[goern]

Expected Behavior

Kopf does not validate the SSL certs, so that it will not fail with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056)

Actual Behavior

SSL certs validation is enforce, and kopf run fails with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056) if run out of cluster.

Steps to Reproduce the Problem

1. kopf run app.py --verbose --standalone

Specifications

• Platform: PRETTY_NAME="Fedora 30 (Workstation Edition)"

• Kubernetes version:

  Client Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.4+7bd2e5b", GitCommit:"7bd2e5b", GitTreeState:"clean", BuildDate:"2019-05-19T23:52:43Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
  Server Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.0+d4cacc0", GitCommit:"d4cacc0", GitTreeState:"clean", BuildDate:"2019-04-10T17:49:11Z", GoVersion:"go1.10.8", Compiler:"gc", Platform:"linux/amd64"}

• Python version: Python 3.7.3

• Python packages installed:

  aiohttp==4.0.0a0
  aiojobs==0.2.2
  appdirs==1.4.3
  async-timeout==3.0.1
  attrs==19.1.0
  black==19.3b0
  cachetools==3.1.1
  certifi==2019.6.16
  chardet==3.0.4
  Click==7.0
  daiquiri==1.5.0
  google-auth==1.6.3
  idna==2.8
  iso8601==0.1.12
  kopf==0.19rc1
  kubernetes==10.0.0
  multidict==4.5.2
  oauthlib==3.0.2
  pip==19.1.1
  pyasn1==0.4.5
  pyasn1-modules==0.2.5
  pykube-ng==0.25
  python-dateutil==2.8.0
  pytz==2019.1
  PyYAML==5.1.1
  requests==2.22.0
  requests-oauthlib==1.2.0
  rfc5424-logging-handler==1.4.3
  rsa==4.0
  sentry-sdk==0.10.1
  setuptools==41.0.1
  six==1.12.0
  thoth-common==0.9.1
  toml==0.10.0
  tzlocal==2.0.0b2
  urllib3==1.25.3
  websocket-client==0.56.0
  wheel==0.33.4
  yarl==1.3.0

[nolar]

To achieve the desired goal of ignoring the SSL certificate validity, please use @kopf.on.login() handlers to produce a kopf.ConnectionInfo(..., verify=False, ...) instance.

To make it more simple, kopf.login_via_pykube() and kopf.login_via_client() can be used inside of the handler instead of own config parsing, of which the returned ConnectionInfo object can be modified with dataclasses.replace(result, verify=False).

Few examples can be found here:

• Docs: https://kopf.readthedocs.io/en/latest/authentication/
• Example: https://github.com/zalando-incubator/kopf/blob/master/examples/13-hooks/example.py

The custom authentication methods were pre-released in kopf>=0.23rc1 and will be normally released (kopf>=0.23) in few days. See the 0.23rc1 release notes.

Please report any issues with the new custom authentication methods if they do not work as expected.