New flag "-ssl-upstream-insecure-skip-validation" #234
Conversation
…ion for upstreams with self generated / invalid SSL certificates.
|
Hi @jansinger 👋 Thanks for your PR. Did you look in to why the tests are failing? |
|
Hi @steakunderscore, sorry, I just missed to push the updated test after changing the method signature of NewReverseProxy(). It's fixed now. |
…to skip-upstream-ssl-validation # Conflicts: # CHANGELOG.md
|
Can anyone give me a hint why this is failing now when trying to download the mods? |
|
It could be due to Travis just timing out as this is something I've experienced before with go modules. I've restarted the build, but if this issue persists then I'll investigate further. |
|
Just a thought on this, why do we need to add a new flag? Can we not just pass the |
|
We want to validate the SSL certificate of our OIDC provider, which has an official certificate and can be validated and treated as secure. But the upstreams in our Kubernetes Cluster have self signed certs, so validation need to be skipped for them. |
|
Personally I would keep them separate. There are two different "sets" of certificates and I can see valid reason for wanting to validate one set and not validate the others |
|
Yeah after reading this again it definitely makes sense to keep them separate! |
|
Are you happy with this @JoelSpeed @steakunderscore? |
…to skip-upstream-ssl-validation
|
Thank you @jansinger and congrats on your first contribution! 🎉 |
New flag to skip SSL validation for upstreams with self generated / invalid SSL certificates.
Motivation and Context
Upstream with self-signed certificate (such as default kubernetes dashboard deployment) should work if oauth2-proxy.
Fixes #75
How Has This Been Tested?
Setup an oauth2_proxy for a Kubernetes dashboard as described in Issue #75, produced the errors as mentioned without the new flag, works setting the flag.
Checklist: