Merge pull request #464 from kubescape/skip-ssl-verification

provide an option to skip ssl verification in `http-request`
kubescape · Jul 2, 2024 · 68707c4 · 68707c4
2 parents 22049cb + 35e1a42
commit 68707c4
Show file tree

Hide file tree

Showing 9 changed files with 50 additions and 20 deletions.
diff --git a/charts/kubescape-operator/assets/kubescape-cronjob-full.yaml b/charts/kubescape-operator/assets/kubescape-cronjob-full.yaml
@@ -43,6 +43,9 @@ apiVersion: batch/v1
                   - -path=v1/triggerAction
                   - -headers=Content-Type:application/json
                   - -path-body=/home/ks/request-body.json
+                {{- if .Values.kubescapeScheduler.insecureSkipTLSVerify }}
+                  - -skip-ssl-verify=true
+                {{- end}}
                 volumeMounts:
                   - name: "request-body-volume"
                     mountPath: /home/ks/request-body.json

diff --git a/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml b/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml
@@ -43,6 +43,9 @@ apiVersion: batch/v1
                   - -path=v1/triggerAction
                   - -headers=Content-Type:application/json
                   - -path-body=/home/ks/request-body.json
+                {{- if .Values.kubevulnScheduler.insecureSkipTLSVerify }}
+                  - -skip-ssl-verify=true
+                {{- end}}
                 volumeMounts:
                   - name: "request-body-volume"
                     mountPath: /home/ks/request-body.json

diff --git a/charts/kubescape-operator/assets/registry-scan-cronjob-full.yaml b/charts/kubescape-operator/assets/registry-scan-cronjob-full.yaml
@@ -43,6 +43,9 @@ apiVersion: batch/v1
                   - -path=v1/triggerAction
                   - -headers=Content-Type:application/json
                   - -path-body=/home/ks/request-body.json
+                {{- if .Values.registryScanScheduler.insecureSkipTLSVerify }}
+                  - -skip-ssl-verify=true
+                {{- end}}
                 volumeMounts:
                   - name: "request-body-volume"
                     mountPath: /home/ks/request-body.json

diff --git a/charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml b/charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml
@@ -52,6 +52,9 @@ spec:
               - -path=v1/triggerAction
               - -headers=Content-Type:application/json
               - -path-body=/home/ks/request-body.json
+            {{- if .Values.kubescapeScheduler.insecureSkipTLSVerify }}
+              - -skip-ssl-verify=true
+            {{- end}}
             volumeMounts:
               - name: {{ .Values.kubescapeScheduler.name }}
                 mountPath: /home/ks/request-body.json

diff --git a/charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml b/charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml
@@ -52,6 +52,9 @@ spec:
               - -path=v1/triggerAction
               - -headers=Content-Type:application/json
               - -path-body=/home/ks/request-body.json
+              {{- if .Values.kubevulnScheduler.insecureSkipTLSVerify }}
+              - -skip-ssl-verify=true
+              {{- end}}
             volumeMounts:
               - name: {{ .Values.kubevulnScheduler.name }}
                 mountPath: /home/ks/request-body.json

diff --git a/charts/kubescape-operator/templates/servicediscovery/job.yaml b/charts/kubescape-operator/templates/servicediscovery/job.yaml
@@ -56,6 +56,9 @@ spec:
           - -host={{ .Values.server }}
           - -path=api/v2/servicediscovery
           - -path-output=/data/services.json
+        {{- if .Values.serviceDiscovery.urlDiscovery.insecureSkipTLSVerify }}
+          - -skip-ssl-verify=true
+        {{- end}}
         volumeMounts:
         - name: shared-data
           mountPath: /data

diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
diff --git a/charts/kubescape-operator/tests/snapshot_test.yaml b/charts/kubescape-operator/tests/snapshot_test.yaml
@@ -140,4 +140,4 @@ tests:
             - registry: test.example.com
               username: xxx
               password: yyy
-              insecure: true
+              insecure: true
diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml
@@ -721,8 +721,11 @@ serviceDiscovery:
     name: url-discovery
     image:
       repository: quay.io/kubescape/http-request
-      tag: v0.2.6
+      tag: v0.2.8
       pullPolicy: IfNotPresent
+
+    # Skip SSL certificate verification
+    insecureSkipTLSVerify: false
 
   configMapCheck:
     name: check-url-configmap
@@ -829,9 +832,12 @@ kubescapeScheduler:
   image:
     # -- source code: https://github.com/kubescape/http-request (public repo)
     repository: quay.io/kubescape/http-request
-    tag: v0.2.6
+    tag: v0.2.8
     pullPolicy: IfNotPresent
 
+  # Skip SSL certificate verification
+  insecureSkipTLSVerify: false
+
   # Additional volumes to be mounted on the scan scheduler
   volumes: [ ]
 
@@ -869,8 +875,11 @@ kubevulnScheduler:
   image:
     # source code - https://github.com/kubescape/http-request
     repository: quay.io/kubescape/http-request
-    tag: v0.2.6
+    tag: v0.2.8
     pullPolicy: IfNotPresent
+
+  # Skip SSL certificate verification
+  insecureSkipTLSVerify: false
 
   # Additional volumes to be mounted on the vuln scan scheduler
   volumes: [ ]
@@ -911,8 +920,11 @@ registryScanScheduler:
   image:
     # -- source code: https://github.com/kubescape/http-request (public repo)
     repository: quay.io/kubescape/http-request
-    tag: v0.2.6
+    tag: v0.2.8
     pullPolicy: IfNotPresent
+
+  # Skip SSL certificate verification
+  insecureSkipTLSVerify: false
 
   # Additional volumes to be mounted on the scan scheduler
   volumes: [ ]