Add insecure_skip_tls_verify (#144)

README.md

@@ -18,6 +18,7 @@ resource_types:
 
 * `cluster_url`: *Optional.* URL to Kubernetes Master API service. Do not set when using the `kubeconfig_path` parameter, otherwise required.
 * `cluster_ca`: *Optional.* Base64 encoded PEM. Required if `cluster_url` is https.
+* `insecure_skip_tls_verify`: *Optional* Skips verifying the `cluster_ca`. (Default: false). Ignored unless `cluster_url` is https. Useful for self-signed certificates. It is not recommended to use blindly.
 * `token`: *Optional.* Bearer token for Kubernetes.  This, 'token_path' or `admin_key`/`admin_cert` are required if `cluster_url` is https.
 * `token_path`: *Optional.* Path to file containing the bearer token for Kubernetes.  This, 'token' or `admin_key`/`admin_cert` are required if `cluster_url` is https.
 * `admin_key`: *Optional.* Base64 encoded PEM. Required if `cluster_url` is https and no `token` or 'token_path' is provided.

assets/common.sh

@@ -24,10 +24,15 @@ setup_kubernetes() {
       admin_cert=$(jq -r '.source.admin_cert // ""' < $payload)
       token=$(jq -r '.source.token // ""' < $payload)
       token_path=$(jq -r '.params.token_path // ""' < $payload)
-
-      ca_path="/root/.kube/ca.pem"
-      echo "$cluster_ca" | base64 -d > $ca_path
-      kubectl config set-cluster default --server=$cluster_url --certificate-authority=$ca_path
+      insecure_skip_tls_verify=$(jq -r '.source.insecure_skip_tls_verify // "false"' < $payload)
+
+      if [ "$insecure_skip_tls_verify" = true ]; then
+        kubectl config set-cluster default --server=$cluster_url --insecure-skip-tls-verify
+      else
+        ca_path="/root/.kube/ca.pem"
+        echo "$cluster_ca" | base64 -d > $ca_path
+        kubectl config set-cluster default --server=$cluster_url --certificate-authority=$ca_path
+      fi
 
       if [ -f "$source/$token_path" ]; then
         kubectl config set-credentials admin --token=$(cat $source/$token_path)