kube-metrics-adapter
insecureSkipTLSVerify is insecure
The insecureSkipTLSVerify: true flag is used within the deployment manifest: https://github.com/zalando-incubator/kube-metrics-adapter/blob/9da155554b4da7e4fd63a12ec6a6ef1e7a8a9980/docs/custom-metrics-apiservice.yaml#L11
According to the k8s API docs this should not be used: "InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead."
https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#apiservicespec-v1-apiregistration-k8s-io
Was insecureSkipTLSVerify: true added because the container generates its own self-signed certificate, which cannot be validated by the API server? Can this be resolved somehow?
@dudicoco I guess you can change it, but test it in a test cluster and we would be happy if you could report back, in case you can confirm it works or not.
@szuecs per the docs, we must supply the CABundle to the configuration in order for that to work, and since kube-metrics-adapter is generating its certificates within its code, I'm not sure how we can supply the CABundle.
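The issue above and the reply about caBundle both come down to what the kube-apiserver is told to trust for each aggregated APIService. The following added audit script (not part of kube-metrics-adapter or this thread) classifies APIService objects by that trust mode and lists the ones with verification switched off; it runs over a constructed sample in the shape of `kubectl get apiservices -o json`, and the caBundle value in the sample is a placeholder, not a real CA.

```python
import json

# Constructed sample in the shape of `kubectl get apiservices -o json` (not real cluster data).
SAMPLE_APISERVICES = json.dumps({"kind": "List", "items": [
    {"kind": "APIService", "metadata": {"name": "v1beta1.custom.metrics.k8s.io"},
     "spec": {"group": "custom.metrics.k8s.io", "version": "v1beta1",
              "service": {"name": "kube-metrics-adapter", "namespace": "kube-system"},
              "insecureSkipTLSVerify": True}},
    {"kind": "APIService", "metadata": {"name": "v1beta1.metrics.k8s.io"},
     "spec": {"group": "metrics.k8s.io", "version": "v1beta1",
              "service": {"name": "metrics-server", "namespace": "kube-system"},
              "caBundle": "UExBQ0VIT0xERVI="}},  # placeholder, not a real CA bundle
    {"kind": "APIService", "metadata": {"name": "v1.apps"},
     "spec": {"group": "apps", "version": "v1"}},  # local group: no service, no TLS hop
]})


def audit_apiservices(apiservices_json):
    """Map each aggregated APIService name to how the kube-apiserver will validate
    the TLS certificate of the backing service.

    Possible values:
      "insecureSkipTLSVerify" - verification disabled (the setting this issue is about)
      "caBundle"              - pinned to the CA supplied in spec.caBundle
      "system-trust-roots"    - no caBundle, so the apiserver's system roots are used
    Local API groups (no spec.service) are served by kube-apiserver itself and skipped.
    """
    doc = json.loads(apiservices_json)
    result = {}
    for item in doc.get("items", []):
        spec = item.get("spec", {})
        if not spec.get("service"):
            continue
        name = item["metadata"]["name"]
        if spec.get("insecureSkipTLSVerify"):
            result[name] = "insecureSkipTLSVerify"
        elif spec.get("caBundle"):
            result[name] = "caBundle"
        else:
            result[name] = "system-trust-roots"
    return result


def insecure_apiservices(apiservices_json):
    """Names that need fixing: certificate verification is switched off entirely."""
    return sorted(name for name, mode in audit_apiservices(apiservices_json).items()
                  if mode == "insecureSkipTLSVerify")


if __name__ == "__main__":
    for name, mode in audit_apiservices(SAMPLE_APISERVICES).items():
        print(f"{name}: {mode}")
```

Against a live cluster, pipe `kubectl get apiservices -o json` into `audit_apiservices` instead of the sample.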
Then it's a feature request, thanks for checking. If you want you can also file a pull request.
@szuecs I wouldn't define it as a feature request but more as a security vulnerability.
@dudicoco if you like. I think the position needed to successfully exploit this vulnerability is already such a powerful position that you have at least dozens of possibilities to exploit the cluster. You can DoS the controller-manager with the "right" HPA, for example.