From 3d3ab261f6158c15e6d24cf7c24d61c235432af0 Mon Sep 17 00:00:00 2001 From: Thomas Labarussias Date: Tue, 10 Sep 2024 16:56:30 +0200 Subject: [PATCH] fix the error when the custom CA cert is missing, even it's the default, see: https://github.com/falcosecurity/falcosidekick/issues/987 Signed-off-by: Thomas Labarussias --- .gitignore | 1 + charts/falcosidekick/CHANGELOG.md | 5 +++++ charts/falcosidekick/Chart.yaml | 2 +- charts/falcosidekick/README.md | 2 +- charts/falcosidekick/values.yaml | 2 +- 5 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f7009cf4..e958ba78 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ *.swp *.swo *~ +.vscode \ No newline at end of file diff --git a/charts/falcosidekick/CHANGELOG.md b/charts/falcosidekick/CHANGELOG.md index a1c79a7f..d7b85f5f 100644 --- a/charts/falcosidekick/CHANGELOG.md +++ b/charts/falcosidekick/CHANGELOG.md @@ -5,7 +5,12 @@ numbering uses [semantic versioning](http://semver.org). Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick). +## 0.8.5 + +- Fix an issue with the by default missing custom CA cert + ## 0.8.4 + - Fix falcosidekick chart ignoring custom service type for webui redis ## 0.8.3 diff --git a/charts/falcosidekick/Chart.yaml b/charts/falcosidekick/Chart.yaml index 9f3d776e..1b18d129 100644 --- a/charts/falcosidekick/Chart.yaml +++ b/charts/falcosidekick/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 2.29.0 description: Connect Falco to your ecosystem icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png name: falcosidekick -version: 0.8.4 +version: 0.8.5 keywords: - monitoring - security diff --git a/charts/falcosidekick/README.md b/charts/falcosidekick/README.md index 9995cffb..598d140c 100644 --- a/charts/falcosidekick/README.md +++ b/charts/falcosidekick/README.md @@ -523,7 +523,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.timescaledb.password | string | `"postgres"` | Password to authenticate with TimescaleDB | | config.timescaledb.port | int | `5432` | TimescaleDB port (default: 5432) | | config.timescaledb.user | string | `"postgres"` | Username to authenticate with TimescaleDB | -| config.tlsclient.cacertfile | string | `"/etc/certs/client/ca.crt"` | CA certificate file for server certification on TLS connections, appended to the system CA pool if not empty | +| config.tlsclient.cacertfile | string | `""` | CA certificate file for server certification on TLS connections, appended to the system CA pool if not empty | | config.tlsserver.cacertfile | string | `"/etc/certs/server/ca.crt"` | CA certification file path for client certification if mutualtls is true | | config.tlsserver.cacrt | string | `""` | | | config.tlsserver.certfile | string | `"/etc/certs/server/server.crt"` | server certification file path for TLS Server | diff --git a/charts/falcosidekick/values.yaml b/charts/falcosidekick/values.yaml index 9bc98791..c148ee72 100644 --- a/charts/falcosidekick/values.yaml +++ b/charts/falcosidekick/values.yaml @@ -145,7 +145,7 @@ config: tlsclient: # -- CA certificate file for server certification on TLS connections, appended to the system CA pool if not empty - cacertfile: "/etc/certs/client/ca.crt" + cacertfile: "" tlsserver: # -- if true TLS server will be deployed instead of HTTP