If someone manages to do a man in the middle between the Kubernetes cluster and the final git repository, then an attacker could provide malicious configurations to the pods.
Some possibilities by providing malicious configurations:
allow doing some remote execution of some affected programs.
deface the website
show different data like their own metadatas and so on
Solution
We should allow the ability to provide a host key in the values.yaml file so that git verifies the git server.
Cause
Currently, we do not verify the host key when doing a git clone of datadir using the SSH protocol: https://github.com/georchestra/helm-georchestra/blob/main/templates/_bootstrap-georchestra-datadir.tpl#L18 HTTPS (the default protocol when simply deploying the helm chart) is not affected, as it verifies the TLS certificate.
If someone manages to do a man in the middle between the Kubernetes cluster and the final git repository, then an attacker could provide malicious configurations to the pods.
Some possibilities by providing malicious configurations:
Solution
We should allow the ability to provide a host key in the values.yaml file so that git verifies the git server.