The `credentials` package allows users to supply their own custom credentials to be used with gRPC clients and servers. This package defines a `TransportCredentials` interface (see https://pkg.go.dev/google.golang.org/[email protected]/credentials#TransportCredentials) that you could possibly implement to suit your needs.
Ignoring TLS certificate errors with `InsecureSkipVerify` is something that needs to be done cautiously. We do have a custom credentials implementation here (https://github.com/grpc/grpc-go/blob/master/credentials/xds/xds.go), that receives credentials configuration from an external control plane. You can browse through this code to get an idea of how you could possibly implement your own custom credentials. On Friday, April 26, 2024 at 1:09:06 PM UTC-7 Sergey Kanzhelev wrote: > Hi, > > Is there a way to create a grpc client in go so it will do both at the > same time: > - ignore TLS cert errors > - allow insecure channel > > The question is coming from this k8s PR: > https://github.com/kubernetes/kubernetes/pull/124522 > > I am trying to allow grpc prober to do insecure as well as ignoring server > certificates errors like http prober does. But I cannot figure out if I can > do both at the same time. > > - WithInsecure allow non-TLS > - > WithTransportCredentials(credentials.NewTLS(&tls.Config{InsecureSkipVerify: > true})) ignores errors > > Implementing it as two calls with the fallback from one to another will > require some advanced timout management. Adding a configuration option for > this seems like an overkill. > > Any advice is appreciated! And sorry if it is obvious - I didn't spent too > much time researching, but enough to get stuck :-). > > /Sergey > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/58db68ce-79af-4afd-bc8b-38e567db8360n%40googlegroups.com.
