This PR adds mTLS support to secure gRPC connections between karmor <-> KubeArmor and karmor <-> KubeArmor-Relay.
The following configurations have been added:

| config | values | default | description |
| --- | --- | --- | --- |
| `--insecure` | true/false | true | connect to secure/insecure server |
| `--tlsCertPath` | "valid directory path" | /var/lib/kubearmor/tls | path to the directory where ca.crt, client.crt and client.key files are present |
| `--tlsCertProvider` | self/external | self | self: client certificates will be generated dynamically, external: use client and ca certificates provided using files |

Use cases:
- KubeArmor is deployed in a k8s cluster with TLS enabled; connect to the KubeArmor relay to get the telemetry using the default self-signed CA deployed along with KubeArmor. (KubeArmor should be installed with TLS configurations that allow karmor to connect.)
  `karmor logs --insecure=false`
- Connect to KubeArmor using certificates (client.crt, client.key, ca.crt) stored locally.