From 0eee72824c76a4b667cb0c65c3d7b4e0cd6aacd0 Mon Sep 17 00:00:00 2001
From: Charandas <charandas@users.noreply.github.com>
Date: Tue, 12 Mar 2024 12:58:02 -0700
Subject: [PATCH] K8s: omit CABundle until insecure is false (#84323)

---
 pkg/services/apiserver/aggregator/aggregator.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/services/apiserver/aggregator/aggregator.go b/pkg/services/apiserver/aggregator/aggregator.go
index c25d41d278f..1a3bca1c4e3 100644
--- a/pkg/services/apiserver/aggregator/aggregator.go
+++ b/pkg/services/apiserver/aggregator/aggregator.go
@@ -136,7 +136,7 @@ func CreateAggregatorConfig(commandOptions *options.Options, sharedConfig generi
 		return NewConfig(aggregatorConfig, sharedInformerFactory, nil), nil
 	}
 
-	caBundlePEM, err := readCABundlePEM(commandOptions.AggregatorOptions.APIServiceCABundleFile, commandOptions.ExtraOptions.DevMode)
+	_, err = readCABundlePEM(commandOptions.AggregatorOptions.APIServiceCABundleFile, commandOptions.ExtraOptions.DevMode)
 	if err != nil {
 		return nil, err
 	}
@@ -151,9 +151,10 @@ func CreateAggregatorConfig(commandOptions *options.Options, sharedConfig generi
 		// https://github.com/kubernetes/kubernetes/pull/123808
 		InsecureSkipTLSVerify:  true,
 		ExternalNamesNamespace: externalNamesNamespace,
-		CABundle:               caBundlePEM,
-		Services:               remoteServices,
-		serviceClientSet:       serviceClient,
+		// TODO: CABundle can't be set when insecure is true
+		// CABundle: caBundlePEM,
+		Services:         remoteServices,
+		serviceClientSet: serviceClient,
 	}
 
 	return NewConfig(aggregatorConfig, sharedInformerFactory, remoteServicesConfig), nil