github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-18 05:28:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0eafaeb04384d605a98bbd5c65103960e7385202
zot/pkg/exporter/api/config.go
T
Ramkumar Chinchani b47b643e05 fix(security): remove InsecureSkipVerify from metrics client (TLS-1) (#3982) 
* fix(security): remove InsecureSkipVerify from metrics client (TLS-1)

Replace the unconditional InsecureSkipVerify: true TLS config in
newHTTPMetricsClient with the system cert pool (+ TLS 1.2 minimum).

Add an optional CACert field to MetricsConfig and to the exporter
ServerConfig so operators running zot with a self-signed or private
CA can point the exporter at the correct CA file instead of
disabling certificate verification entirely.

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* feat(metrics): add HTTPS configuration for metrics exporter

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(security): enhance CA certificate handling in metrics client and add tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(security): improve CA certificate error handling in metrics client and update tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(tests): correct package name in minimal_client_test.go and simplify error declaration

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(tests): update package name in minimal_client_test.go for consistency

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
2026-04-19 08:57:24 +03:00

42 lines
975 B
Go
Raw Blame History

//go:build !metrics
package api
// LogConfig and the other types below are exported so the cli package can read them from configuration file.
type LogConfig struct {
Level string
Output string
}
type MetricsConfig struct {
Path string
}
type ServerConfig struct {
Protocol string
Host string
Port string
// CACert is an optional path to a PEM-encoded CA certificate used to verify
// the zot server's TLS certificate. Required when the server uses a
// self-signed or private CA. Leave empty to use the system cert pool.
CACert string
}
type ExporterConfig struct {
Port string
Log *LogConfig
Metrics *MetricsConfig
}
type Config struct {
Server ServerConfig
Exporter ExporterConfig
}
func DefaultConfig() *Config {
return &Config{
Server: ServerConfig{Protocol: "http", Host: "localhost", Port: "8080"},
Exporter: ExporterConfig{Port: "8081", Log: &LogConfig{Level: "debug"}, Metrics: &MetricsConfig{Path: "/metrics"}},
}
}
Reference in New Issue View Git Blame Copy Permalink