Merge pull request #418 from rksharma95/fix-tls-config
fix(log): update tls config
daemon1024 authored Mar 26, 2024
2 parents 809e8bf + 6cae3d1 commit 98bedd1
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion cmd/log.go
@@ -25,7 +25,7 @@ func init() {
rootCmd.AddCommand(logCmd)

logCmd.Flags().StringVar(&logOptions.GRPC, "gRPC", "", "gRPC server information")
logCmd.Flags().BoolVar(&logOptions.Insecure, "insecure", true, "connect to kubearmor on an insecure connection")
logCmd.Flags().BoolVar(&logOptions.Secure, "secure", false, "connect to kubearmor on an insecure connection")
logCmd.Flags().StringVar(&logOptions.TlsCertPath, "tlsCertPath", "/var/lib/kubearmor/tls", "path to the ca.crt, client.crt, and client.key if certs are provided locally")
logCmd.Flags().StringVar(&logOptions.TlsCertProvider, "tlsCertProvider", "self", "{self|external} self: dynamically crete client certificates, external: provide client certificate and key with --tlsCertPath")
logCmd.Flags().BoolVar(&logOptions.ReadCAFromSecret, "readCAFromSecret", true, "true if ca cert to be read from k8s secret on cluster running kubearmor")
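Review bot: The help string on the new `--secure` flag still reads `"connect to kubearmor on an insecure connection"`, so `--help` describes the opposite of what the flag does. Change it to something like `"connect to kubearmor over a TLS-secured connection (default is plaintext)"`, so the help text also states that the default remains unencrypted. The rename removes `--insecure` outright, so existing invocations that pass it will presumably fail with an unknown-flag error; a hidden, deprecated alias would make the transition explicit. init()'s body continues outside the hunk.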
8 changes: 4 additions & 4 deletions log/log.go
@@ -40,7 +40,7 @@ var (
// Options Structure
type Options struct {
GRPC string
Insecure bool
Secure bool
TlsCertPath string
TlsCertProvider string
ReadCAFromSecret bool
@@ -155,11 +155,11 @@ func StartObserver(c *k8s.Client, o Options) error {
// create client
logClient, err := NewClient(gRPC, o, c.K8sClientset)
if err != nil {
if o.Insecure && !isDialingError(err) {
if !o.Secure && !isDialingError(err) {
// retry connecting to the server on secured channel
fmt.Fprintf(os.Stderr, "Failed to connect on insecure channel\n(%s)\n", err)
fmt.Fprint(os.Stderr, "Trying to reconnect using secured channel...\n")
o.Insecure = false
o.Secure = true
logClient, err = NewClient(gRPC, o, c.K8sClientset)
if err != nil {
return fmt.Errorf("unable to create log client, error=%s", err)
@@ -180,7 +180,7 @@ func StartObserver(c *k8s.Client, o Options) error {
if o.MsgPath != "none" {
// watch messages
go logClient.WatchMessages(o.MsgPath, o.JSON)
fmt.Fprintln(os.Stdout, "Started to watch messages")
fmt.Fprintln(os.Stderr, "Started to watch messages")
}

err = regexCompile(o)
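Review bot: In the StartObserver hunk at -155, the default path (`Secure` false) still attempts a plaintext connection first and only switches to TLS when that attempt fails with a non-dialing error. An endpoint that accepts plaintext therefore keeps the log and alert stream unencrypted and unauthenticated, and nothing tells the user which mode was used. Consider reporting the mode once the client exists, e.g. `if !o.Secure { fmt.Fprintln(os.Stderr, "Connected without TLS; pass --secure to require it") }`. The retry branch also returns `fmt.Errorf("unable to create log client, error=%s", err)`; using `%w` there would let callers inspect the underlying TLS or dial error. StartObserver begins and ends outside the hunk, so the later uses of `o` are not visible here.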
2 changes: 1 addition & 1 deletion log/logClient.go
@@ -113,7 +113,7 @@ func NewClient(server string, o Options, c kubernetes.Interface) (*Feeder, error
fd.limit = o.Limit

var creds credentials.TransportCredentials
if !o.Insecure {
if o.Secure {
tlsCreds, err := loadTLSCredentials(c, o)
if err != nil {
return nil, err
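Review bot: Renaming the field flips what a zero-value `Options` means to NewClient. With `Insecure`, an unset field took the `!o.Insecure` branch and loaded TLS credentials; with `Secure`, an unset field skips `loadTLSCredentials` and presumably falls through to non-TLS credentials in the branch below the hunk. The CLI sets the flag default explicitly, but any other caller of the exported `NewClient` or `StartObserver` that builds `Options` without this field silently moves from TLS to plaintext. Document this on the struct field, e.g. `// Secure enables TLS; the zero value connects without transport security`, and audit other places in the repository that construct `Options`. NewClient's body continues outside the hunk.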
