diff --git a/.changelog/839.txt b/.changelog/839.txt
new file mode 100644
index 000000000..af581c728
--- /dev/null
+++ b/.changelog/839.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+`kubernetes/provider.go`: Add `tls_server_name` kubernetes provider options.
+```
\ No newline at end of file
diff --git a/helm/provider.go b/helm/provider.go
index 139be39b4..3e78bbea1 100644
--- a/helm/provider.go
+++ b/helm/provider.go
@@ -211,6 +211,12 @@ func kubernetesResource() *schema.Resource {
 DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", false),
 Description: "Whether server should be accessed without verifying the TLS certificate.",
 },
+ "tls_server_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("KUBE_TLS_SERVER_NAME", ""),
+ Description: "Server name passed to the server for SNI and is used in the client to check server certificates against.",
+ },
 "client_certificate": {
 Type: schema.TypeString,
 Optional: true,
diff --git a/helm/structure_kubeconfig.go b/helm/structure_kubeconfig.go
index 5e16b5ff8..4ca241462 100644
--- a/helm/structure_kubeconfig.go
+++ b/helm/structure_kubeconfig.go
@@ -131,6 +131,9 @@ func newKubeConfig(configData *schema.ResourceData, namespace *string) (*KubeCon
 if v, ok := k8sGetOk(configData, "insecure"); ok {
 overrides.ClusterInfo.InsecureSkipTLSVerify = v.(bool)
 }
+ if v, ok := k8sGetOk(configData, "tls_server_name"); ok {
+ overrides.ClusterInfo.TLSServerName = v.(string)
+ }
 if v, ok := k8sGetOk(configData, "cluster_ca_certificate"); ok {
 overrides.ClusterInfo.CertificateAuthorityData = bytes.NewBufferString(v.(string)).Bytes()
 }
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index 6fe7b77f8..efe53163b 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
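Review bot: The `Description` added for `tls_server_name` does not say that the value replaces the host name from the server address as the identity the server certificate is verified against, which is the part an operator needs to understand before setting it. Because the default comes from `KUBE_TLS_SERVER_NAME`, a variable inherited from the environment can change that identity with no change to the configuration, so the wording should make the override explicit, e.g. `Description: "Server name sent for SNI and used to verify the server certificate instead of the host name in the server address. Leave unset to verify against the host name.",`. The same sentence is copied into the `website/docs/index.html.markdown` hunk and would need the same rewording. kubernetesResource's body starts and ends outside the hunk.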
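Review bot: The new assignment to `overrides.ClusterInfo.TLSServerName` sits right after the `insecure` override, and when `InsecureSkipTLSVerify` is true the server name is presumably used for SNI only, with no certificate check against it; nothing here records or reports that combination. I would add a comment above the new `if`, `// Only affects certificate verification when insecure is false; with insecure set it is used for SNI only.`, and consider logging the effective server name at debug level so a value picked up from the environment is visible in a trace. Whether an empty default reaches this assignment depends on `k8sGetOk`, which is not in the hunk. newKubeConfig's body starts and ends outside the hunk.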
@@ -165,6 +165,7 @@ The `kubernetes` block supports:
 * `password` - (Optional) The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`.
 * `token` - (Optional) The bearer token to use for authentication when accessing the Kubernetes API. Can be sourced from `KUBE_TOKEN`.
 * `insecure` - (Optional) Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`.
+* `tls_server_name` - (Optional) Server name passed to the server for SNI and is used in the client to check server certificates against. Can be sourced from `KUBE_TLS_SERVER_NAME`.
 * `client_certificate` - (Optional) PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`.
 * `client_key` - (Optional) PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`.
 * `cluster_ca_certificate` - (Optional) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`.