add -insecure-skip-tls-verify

Readme.md

@@ -53,6 +53,8 @@ Usage: ./bin/kubeconform [OPTION]... [FILE OR FOLDER]...
   -h    show help information
   -ignore-missing-schemas
         skip files with missing schemas instead of failing
+  -insecure-skip-tls-verify
+        disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
   -kubernetes-version string
         version of Kubernetes to validate against (default "1.18.0")
   -n int

cmd/kubeconform/main.go

@@ -150,7 +150,7 @@ func realMain() int {
 
 	registries := []registry.Registry{}
 	for _, schemaLocation := range cfg.SchemaLocations {
-		registries = append(registries, registry.New(schemaLocation, cfg.Strict))
+		registries = append(registries, registry.New(schemaLocation, cfg.Strict, cfg.SkipTLS))
 	}
 
 	var o output.Output

pkg/config/config.go

@@ -12,6 +12,7 @@ type Config struct {
 	ExitOnError          bool
 	Files                []string
 	SchemaLocations      []string
+	SkipTLS              bool
 	SkipKinds            map[string]bool
 	RejectKinds          map[string]bool
 	OutputFormat         string
@@ -69,6 +70,7 @@ func FromFlags(progName string, args []string) (Config, string, error) {
 	flags.BoolVar(&c.Strict, "strict", false, "disallow additional properties not in schema")
 	flags.StringVar(&c.OutputFormat, "output", "text", "output format - text, json")
 	flags.BoolVar(&c.Verbose, "verbose", false, "print results for all resources")
+	flags.BoolVar(&c.SkipTLS, "insecure-skip-tls-verify", false, "disable verification of the server's SSL certificate. This will make your HTTPS connections insecure")
 	flags.BoolVar(&c.Help, "h", false, "show help information")
 	flags.Usage = func() {
 		fmt.Fprintf(os.Stderr, "Usage: %s [OPTION]... [FILE OR FOLDER]...\n", progName)

pkg/registry/kubernetesjsonschema.go

@@ -1,6 +1,7 @@
 package registry
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -22,7 +23,11 @@ func newDownloadError(err error, isRetryable bool) *downloadError {
 func (e *downloadError) IsRetryable() bool { return e.isRetryable }
 func (e *downloadError) Error() string     { return e.err.Error() }
 
-func newHTTPRegistry(schemaPathTemplate string, strict bool) *KubernetesRegistry {
+func newHTTPRegistry(schemaPathTemplate string, strict bool, skipTLS bool) *KubernetesRegistry {
+	if skipTLS {
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	return &KubernetesRegistry{
 		schemaPathTemplate: schemaPathTemplate,
 		strict:             strict,

pkg/registry/registry.go

@@ -65,13 +65,13 @@ func schemaPath(tpl, resourceKind, resourceAPIVersion, k8sVersion string, strict
 	return buf.String(), nil
 }
 
-func New(schemaLocation string, strict bool) Registry {
+func New(schemaLocation string, strict bool, skipTLS bool) Registry {
 	if !strings.HasSuffix(schemaLocation, "json") { // If we dont specify a full templated path, we assume the paths of kubernetesjsonschema.dev
 		schemaLocation += "/{{ .NormalizedVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json"
 	}
 
 	if strings.HasPrefix(schemaLocation, "http") {
-		return newHTTPRegistry(schemaLocation, strict)
+		return newHTTPRegistry(schemaLocation, strict, skipTLS)
 	} else {
 		return newLocalRegistry(schemaLocation, strict)
 	}