fix the error when the custom CA cert is missing, even it's the defau…

…lt, see: falcosecurity/falcosidekick#987 Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
falcosecurity · Sep 11, 2024 · 3d3ab26 · 3d3ab26
1 parent 4d2da46
commit 3d3ab26
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 *.swp
 *.swo
 *~
+.vscode
diff --git a/charts/falcosidekick/CHANGELOG.md b/charts/falcosidekick/CHANGELOG.md
@@ -5,7 +5,12 @@ numbering uses [semantic versioning](http://semver.org).
 
 Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick).
 
+## 0.8.5
+
+- Fix an issue with the by default missing custom CA cert
+
 ## 0.8.4
+
 - Fix falcosidekick chart ignoring custom service type for webui redis
 
 ## 0.8.3

diff --git a/charts/falcosidekick/Chart.yaml b/charts/falcosidekick/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: 2.29.0
 description: Connect Falco to your ecosystem
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
 name: falcosidekick
-version: 0.8.4
+version: 0.8.5
 keywords:
   - monitoring
   - security

diff --git a/charts/falcosidekick/README.md b/charts/falcosidekick/README.md
@@ -523,7 +523,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.timescaledb.password | string | `"postgres"` | Password to authenticate with TimescaleDB |
 | config.timescaledb.port | int | `5432` | TimescaleDB port (default: 5432) |
 | config.timescaledb.user | string | `"postgres"` | Username to authenticate with TimescaleDB |
-| config.tlsclient.cacertfile | string | `"/etc/certs/client/ca.crt"` | CA certificate file for server certification on TLS connections, appended to the system CA pool if not empty |
+| config.tlsclient.cacertfile | string | `""` | CA certificate file for server certification on TLS connections, appended to the system CA pool if not empty |
 | config.tlsserver.cacertfile | string | `"/etc/certs/server/ca.crt"` | CA certification file path for client certification if mutualtls is true |
 | config.tlsserver.cacrt | string | `""` |  |
 | config.tlsserver.certfile | string | `"/etc/certs/server/server.crt"` | server certification file path for TLS Server |

diff --git a/charts/falcosidekick/values.yaml b/charts/falcosidekick/values.yaml
@@ -145,7 +145,7 @@ config:
 
   tlsclient:
     # -- CA certificate file for server certification on TLS connections, appended to the system CA pool if not empty
-    cacertfile: "/etc/certs/client/ca.crt"
+    cacertfile: ""
 
   tlsserver:
     # -- if true TLS server will be deployed instead of HTTP