From ea1d1d0088076111add4483619734d8da88c1dc1 Mon Sep 17 00:00:00 2001
From: GaoXiaodong <13814823514@163.com>
Date: Wed, 9 Feb 2022 19:40:30 +0800
Subject: [PATCH] fix(platform): ignore ca when set env (#1759)

Co-authored-by: xdonggao <xdonggao@tencent.com>
---
 api/platform/types.go    | 4 +++-
 api/platform/v1/types.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/platform/types.go b/api/platform/types.go
index 8eee23749..b05c761b2 100644
--- a/api/platform/types.go
+++ b/api/platform/types.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"math/rand"
 	"net"
+	"os"
 	"path"
 	"strings"
 
@@ -391,7 +392,8 @@ func (cc ClusterCredential) RESTConfig(cls *Cluster) *rest.Config {
 			config.Host = fmt.Sprintf("https://%s", host)
 		}
 	}
-	if cc.CACert != nil {
+	// If api-server does not sign the ip in address, set ca then request, it will report x509 certificate error, need to ignore the certificate
+	if os.Getenv("TKE_IGNORE_CA") != "true" && cc.CACert != nil {
 		config.TLSClientConfig.CAData = cc.CACert
 	} else {
 		config.TLSClientConfig.Insecure = true
diff --git a/api/platform/v1/types.go b/api/platform/v1/types.go
index a0470e119..c0ebbed6b 100644
--- a/api/platform/v1/types.go
+++ b/api/platform/v1/types.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"math/rand"
 	"net"
+	"os"
 	"path"
 	strings "strings"
 
@@ -401,7 +402,8 @@ func (cc ClusterCredential) RESTConfig(cls *Cluster) *rest.Config {
 			config.Host = fmt.Sprintf("https://%s", host)
 		}
 	}
-	if cc.CACert != nil {
+	// If api-server does not sign the ip in address, set ca then request, it will report x509 certificate error, need to ignore the certificate
+	if os.Getenv("TKE_IGNORE_CA") != "true" && cc.CACert != nil {
 		config.TLSClientConfig.CAData = cc.CACert
 	} else {
 		config.TLSClientConfig.Insecure = true