chore(tls): Fix the subscriber & event-tracker to add CUSTOM_TLS_CERT…

… to root cert pool instead of override (#4604) Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io> Co-authored-by: Vedant Shrotria <vedant.shrotria@harness.io>
litmuschaos · May 3, 2024 · e15d670 · e15d670
1 parent 2d965b5
commit e15d670
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/chaoscenter/event-tracker/main.go b/chaoscenter/event-tracker/main.go
@@ -111,9 +111,12 @@ func main() {
 		if err != nil {
 			logrus.Fatalf("failed to parse custom tls cert %v", err)
 		}
-		caCertPool := x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(cert)
-		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{RootCAs: caCertPool}
+		rootCerts, err := x509.SystemCertPool()
+		if err != nil {
+			logrus.Fatalf("Failed to read system cert pool %v", err)
+		}
+		rootCerts.AppendCertsFromPEM(cert)
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{RootCAs: rootCerts}
 	}
 
 	var (

diff --git a/chaoscenter/subscriber/subscriber.go b/chaoscenter/subscriber/subscriber.go
@@ -81,10 +81,13 @@ func init() {
 		if err != nil {
 			logrus.Fatalf("Failed to parse custom tls cert %v", err)
 		}
-		caCertPool := x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(cert)
-		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{RootCAs: caCertPool}
-		websocket.DefaultDialer.TLSClientConfig = &tls.Config{RootCAs: caCertPool}
+		rootCerts, err := x509.SystemCertPool()
+		if err != nil {
+			logrus.Fatalf("Failed to read system cert pool %v", err)
+		}
+		rootCerts.AppendCertsFromPEM(cert)
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{RootCAs: rootCerts}
+		websocket.DefaultDialer.TLSClientConfig = &tls.Config{RootCAs: rootCerts}
 	}
 
 	k8s.KubeConfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")