search

kiwigrid / k8s-sidecar

This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License
612 stars 183 forks source link

Allow skipping TLS verification for http requests (not only to K8s API server) #261

Closed lorenzo-biava closed 1 year ago

lorenzo-biava commented 1 year ago

Right now the SKIP_TLS_VERIFY env only has effect on the K8s API server connection.

However, the requests to Grafana cannot be customized. Even though there used to be a way to circumvent this in the past (which no longer works -- https://github.com/psf/requests/issues/6071), there should be an explicit way to skip TLS verification for Grafana (either reusing the same env SKIP_TLS_VERIFY or a separate one). Since this runs as a sidecar, the hostname (localhost) won't match even with proper CA.

Ref: https://github.com/kiwigrid/k8s-sidecar/blob/master/src/helpers.py#L130

lorenzo-biava commented 1 year ago

@jekkel when you got a moment, can you review https://github.com/kiwigrid/k8s-sidecar/pull/262 ? Should be pretty straightforward, but I can provide more context around the use case if needed 😉

jekkel commented 1 year ago

Sorry for the delay, reviewed the PR.