From bfe143808f1b50307f62ab85b36c13689d11c48e Mon Sep 17 00:00:00 2001
From: Sulochan Acharya <sulochan@gmail.com>
Date: Wed, 5 Aug 2020 13:02:29 +0100
Subject: [PATCH] Allows tls verify skip on webhook auth url (#6472)

---
 roles/kubernetes/master/defaults/main/main.yml                   | 1 +
 .../master/templates/webhook-token-auth-config.yaml.j2           | 1 +
 2 files changed, 2 insertions(+)

diff --git a/roles/kubernetes/master/defaults/main/main.yml b/roles/kubernetes/master/defaults/main/main.yml
index 0d861b9ac..87d369f86 100644
--- a/roles/kubernetes/master/defaults/main/main.yml
+++ b/roles/kubernetes/master/defaults/main/main.yml
@@ -119,6 +119,7 @@ kube_basic_auth: false
 kube_token_auth: false
 kube_oidc_auth: false
 kube_webhook_token_auth: false
+kube_webhook_token_auth_url_skip_tls_verify: false
 
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
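Review bot: The new default `kube_webhook_token_auth_url_skip_tls_verify` has no comment, although it is a security-relevant switch. Setting it to true stops the API server from verifying the certificate of the webhook token authentication endpoint. That endpoint is sent bearer tokens for review and its reply decides who the caller is, so an unverified connection exposes both to anyone on the network path. I would add a comment above the variable such as `## Disables TLS certificate verification for kube_webhook_token_auth_url; leave false unless the endpoint cannot present a verifiable certificate (test clusters only)`.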
diff --git a/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2 b/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2
index 265a91cc3..4d0c1eccb 100644
--- a/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2
+++ b/roles/kubernetes/master/templates/webhook-token-auth-config.yaml.j2
@@ -3,6 +3,7 @@ clusters:
 - name: webhook-token-auth-cluster
   cluster:
     server: {{ kube_webhook_token_auth_url }}
+    insecure-skip-tls-verify: {{ kube_webhook_token_auth_url_skip_tls_verify }}
 
 # users refers to the API server's webhook configuration.
 users:
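Review bot: The added `insecure-skip-tls-verify` line is rendered unconditionally and straight from the variable, so the key is written even when verification stays on, and its text depends on how Ansible stringifies the value (a string passed with `-e` is emitted as given). I would emit it only when enabled and normalise the type: `{% if kube_webhook_token_auth_url_skip_tls_verify | bool %}`, then `    insecure-skip-tls-verify: true`, then `{% endif %}`. The hunk shows no `certificate-authority` entry for this cluster. If the template has none outside the hunk either, a CA path option would let operators with a private CA keep verification on rather than skipping it. The `clusters:` list starts above the hunk, so this is based on the visible lines only.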
-- 
GitLab