Merge pull request #1372 from flanksource/insecure-skip-verify

feat: add upstream-insecure-skip-verify arg
flanksource · Oct 23, 2023 · b2acc04 · b2acc04
2 parents 3a618b3 + c4c814a
commit b2acc04
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 0 deletions.
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -155,6 +155,9 @@ spec:
             {{- if .Values.upstream.password }}
             - --upstream-password={{ .Values.upstream.password }}
             {{- end}}
+            {{- if .Values.upstream.insecureSkipVerify}}
+            - --upstream-insecure-skip-verify=true
+            {{- end}}
             {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -76,6 +76,7 @@ upstream:
   host: ""
   user: ""
   password: ""
+  insecureSkipVerify: false
   # Alternative to inlining values, secret must contain: UPSTREAM_NAME, UPSTREAM_USER, UPSTREAM_PASSWORD & UPSTREAM_HOST
   secretKeyRef:
     name:

diff --git a/cmd/root.go b/cmd/root.go
@@ -75,6 +75,7 @@ func ServerFlags(flags *pflag.FlagSet) {
 	flags.StringVar(&canary.UpstreamConf.Username, "upstream-user", os.Getenv("UPSTREAM_USER"), "upstream username")
 	flags.StringVar(&canary.UpstreamConf.Password, "upstream-password", os.Getenv("UPSTREAM_PASSWORD"), "upstream password")
 	flags.StringVar(&canary.UpstreamConf.AgentName, "agent-name", os.Getenv("UPSTREAM_NAME"), "name of this agent")
+	flags.BoolVar(&canary.UpstreamConf.InsecureSkipVerify, "upstream-insecure-skip-verify", os.Getenv("UPSTREAM_INSECURE_SKIP_VERIFY") == "true", "Skip TLS verification on the upstream servers certificate")
 }
 
 func readFromEnv(v string) string {