chrisfelix82
diff --git a/‎src/config.ts‎
Lines changed: 4 additions & 0 deletions b/‎src/config.ts‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/config_test.ts‎
Lines changed: 41 additions & 0 deletions b/‎src/config_test.ts‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎src/web-socket-handler.ts‎
Lines changed: 1 addition & 1 deletion b/‎src/web-socket-handler.ts‎
Lines changed: 1 addition & 1 deletion
@@ -253,6 +253,10 @@ export class KubeConfig {
         if (!user) {
             return;
         }
+
+        if (cluster != null && cluster.skipTLSVerify) {
+            opts.rejectUnauthorized = false;
+        }
         const ca = cluster != null ? bufferFromFileOrString(cluster.caFile, cluster.caData) : null;
         if (ca) {
             opts.ca = ca;
 
@@ -194,6 +194,7 @@ describe('KubeConfig', () => {
                 ca: new Buffer('CADATA2', 'utf-8'),
                 cert: new Buffer('USER2_CADATA', 'utf-8'),
                 key: new Buffer('USER2_CKDATA', 'utf-8'),
+                rejectUnauthorized: false,
             });
         });
     });
@@ -592,6 +593,46 @@ describe('KubeConfig', () => {
             }
         });
 
+        it('should populate rejectUnauthorized=false when skipTLSVerify is set', () => {
+            const config = new KubeConfig();
+            const token = 'token';
+            config.loadFromClusterAndUser(
+                { skipTLSVerify: true } as Cluster,
+                {
+                    authProvider: {
+                        name: 'azure',
+                        config: {
+                            'access-token': token,
+                        },
+                    },
+                } as User);
+            const opts = {} as requestlib.Options;
+
+            config.applyToRequest(opts);
+            expect(opts.rejectUnauthorized).to.equal(false);
+        });
+
+        it('should not set rejectUnauthorized if skipTLSVerify is not set', () => {
+            // This test is just making 100% sure we validate certs unless we explictly set
+            // skipTLSVerify = true
+            const config = new KubeConfig();
+            const token = 'token';
+            config.loadFromClusterAndUser(
+                {  } as Cluster,
+                {
+                    authProvider: {
+                        name: 'azure',
+                        config: {
+                            'access-token': token,
+                        },
+                    },
+                } as User);
+            const opts = {} as requestlib.Options;
+
+            config.applyToRequest(opts);
+            expect(opts.rejectUnauthorized).to.equal(undefined);
+        });
+
         it('should throw with expired token and no cmd', () => {
             const config = new KubeConfig();
             config.loadFromClusterAndUser(
 
@@ -105,7 +105,7 @@ export class WebSocketHandler implements WebSocketInterface {
         const uri = `${proto}://${target}${path}`;
 
         const opts: WebSocket.ClientOptions = {};
-        // TODO: This doesn't set insecureSSL if skipTLSVerify is set...
+
         this.config.applytoHTTPSOptions(opts);
 
         return new Promise((resolve, reject) => {