Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Reverts "Fix kubernetes_service nil ptr dereference #9788" #12681

Merged
merged 3 commits into from
May 24, 2022
Merged

Reverts "Fix kubernetes_service nil ptr dereference #9788" #12681

merged 3 commits into from
May 24, 2022

Conversation

tigrato
Copy link
Contributor

@tigrato tigrato commented May 16, 2022

When K8S cluster is signed with a trusted CA kubeconfig does not require certificate-authority-data or insecure-skip-tls-verify) leading into tlsConfig being nil when using the rest.TLSConfigFor function.

nil is a valid value for tlsConfig and it is interpreted as: use the system default CA pool and TLS config if required.
This MR reverts the previous commits introduced by #9788 and removes the possible dereferences of tlsConfig without sanity checks that previously were causing the panics.

Fixes #12652

Reproduce steps:

  • Start minikube with --cert-expiration=8760h arg in order to generate a certificate that is lower than 2.5y (possibly requires cleanup of old minikube certs)
  • Add ~/.minikube/ca.crt into your system CA pool
  • remove certificate-authority-data from teleport's kubeconfig
  • Try to start teleport

@github-actions github-actions bot requested review from jimbishopp and zmb3 May 16, 2022 20:01
@tigrato tigrato requested a review from r0mant May 16, 2022 20:06
r0mant
r0mant approved these changes May 16, 2022
View reviewed changes
Copy link
Collaborator

@r0mant r0mant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tigrato Let's also backport to all release branches where original fix was backported.

tigrato added a commit that referenced this pull request May 17, 2022
@tigrato
[branch/v7] backports #12681
0abf404
tigrato added a commit that referenced this pull request May 17, 2022
@tigrato
[branch/v8] backports #12681
af2bde9
This was referenced May 17, 2022
Closed
Closed
@tigrato tigrato requested a review from lxea May 17, 2022 14:22
@tigrato tigrato force-pushed the tigrato/fix-kubeconfig-missing-ca branch from e410fbc to 805d834 Compare May 24, 2022 16:04
@tigrato tigrato merged commit 6e9ca06 into master May 24, 2022
@tigrato tigrato deleted the tigrato/fix-kubeconfig-missing-ca branch May 24, 2022 16:54
@github-actions
Copy link

@tigrato See the table below for backport results.

Branch Result
branch/v7 Failed
branch/v8 Failed
branch/v9 Failed

@tigrato tigrato restored the tigrato/fix-kubeconfig-missing-ca branch May 24, 2022 16:55
@github-actions
Copy link

@tigrato See the table below for backport results.

Branch Result
branch/v7 Failed
branch/v8 Create PR
branch/v9 Create PR

This was referenced May 24, 2022
Merged
Merged
tigrato added a commit that referenced this pull request May 24, 2022
@tigrato
Revert "Avoid nil dereferencing when tlsConfig is nil. (#9788)"
7ca8c64 
Backport #12681 to branch/v7
@tigrato tigrato mentioned this pull request May 24, 2022
Merged
@tigrato tigrato deleted the tigrato/fix-kubeconfig-missing-ca branch May 24, 2022 17:23
tigrato added a commit that referenced this pull request May 26, 2022
@tigrato
Revert "Avoid nil dereferencing when tlsConfig is nil. (#9788)"
0f09a1c 
Backport #12681 to branch/v7
r0mant pushed a commit that referenced this pull request May 26, 2022
@tigrato
Revert "Avoid nil dereferencing when tlsConfig is nil. (#9788)" (#12876)
6781bff 
Backport #12681 to branch/v7
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@r0mant r0mant r0mant approved these changes

@lxea lxea lxea approved these changes

@jimbishopp jimbishopp Awaiting requested review from jimbishopp

@zmb3 zmb3 Awaiting requested review from zmb3

Assignees
No one assigned
Labels
kubernetes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

kubeconfig missing CA leads to failure
3 participants
@tigrato @r0mant @lxea