handling insecure connections

accuknox · Sep 4, 2024 · 36caeb6 · 36caeb6
1 parent 2bf42db
commit 36caeb6
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 3 deletions.
diff --git a/cis-k8s-job/templates/cis-corn-job.yaml b/cis-k8s-job/templates/cis-corn-job.yaml
@@ -29,6 +29,10 @@ spec:
                 value: {{ .Values.accuknox.tenantId | quote}}
               - name: URL
                 value: {{ .Values.accuknox.url }}
+              - name: CERT_BUNDLE_URL
+                value: {{ .Values.accuknox.certBundleURL }}
+              - name: USE_INSECURE_CONNECTION
+                value: {{ .Values.accuknox.useInsecureConnection | quote }}
             volumeMounts:
             - mountPath: /data
               name: datapath

diff --git a/k8s-risk-assessment-job/values.yaml b/k8s-risk-assessment-job/values.yaml
@@ -18,3 +18,4 @@ accuknox:
   clusterID: 0
   label: ""
   secretName: ""
+
diff --git a/k8tls-job/templates/k8tls-cronjob.yaml b/k8tls-job/templates/k8tls-cronjob.yaml
@@ -42,7 +42,7 @@ spec:
           containers:
           - image: accuknox/accuknox-job:latest
             command: ["/bin/sh", "-c"]
-            args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
+            args: ['./curl_command.sh']
             name: k8tls-job
             resources: {}
             env:
@@ -56,6 +56,10 @@ spec:
                 value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }}
               - name: LABEL_NAME
                 value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }}
+              - name: CERT_BUNDLE_URL
+                value: {{ .Values.accuknox.certBundleURL }}
+              - name: USE_INSECURE_CONNECTION
+                value: {{ .Values.accuknox.useInsecureConnection | quote }}
             volumeMounts:
               - mountPath: /data
                 name: datapath

diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml
@@ -12,7 +12,7 @@ spec:
       containers:
       - image: accuknox/accuknox-job:latest
         command: ["/bin/sh", "-c"]
-        args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
+        args: ['./curl_command.sh']
         name: k8tls-job
         resources: {}
         env:
@@ -26,6 +26,10 @@ spec:
             value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }}
           - name: LABEL_NAME
             value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }}
+          - name: CERT_BUNDLE_URL
+            value: {{ .Values.accuknox.certBundleURL }}
+          - name: USE_INSECURE_CONNECTION
+            value: {{ .Values.accuknox.useInsecureConnection | quote }}
         volumeMounts:
           - mountPath: /data
             name: datapath

diff --git a/k8tls-job/values.yaml b/k8tls-job/values.yaml
@@ -9,3 +9,5 @@ accuknox:
   clusterName: ""
   label: ""
   URL: "cspm.demo.accuknox.com"
+  certBundleURL: ""  # Set this for cert URL if needed
+  useInsecureConnection: false  # Set to true if insecure connection is needed
diff --git a/kiem-job/templates/job.yaml b/kiem-job/templates/job.yaml
@@ -21,7 +21,8 @@ spec:
               mountPath: /data
       containers:
         - image: accuknox/accuknox-job:latest
-          command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
+          command: ["/bin/sh", "-c"]
+          args: ['./curl_command.sh']
           name: accuknox-kiem-job
           resources: {}
           env:
@@ -35,6 +36,10 @@ spec:
               value: {{ .Values.accuknox.clusterName }}
             - name: LABEL_NAME
               value: {{ .Values.accuknox.label | quote}}
+            - name: CERT_BUNDLE_URL
+              value: {{ .Values.accuknox.certBundleURL }}
+            - name: USE_INSECURE_CONNECTION
+              value: {{ .Values.accuknox.useInsecureConnection | quote }}
           volumeMounts:
             - mountPath: /data
               name: datapath      

diff --git a/kiem-job/values.yaml b/kiem-job/values.yaml
@@ -11,3 +11,5 @@ accuknox:
   cronTab: "30 9 * * *"
   clusterName: ""
   label: ""
+  certBundleURL: ""  # Set this for cert URL if needed
+  useInsecureConnection: false  # Set to true if insecure connection is needed