From 6cae3d1bced03f706eb9f2072caa522046c568cf Mon Sep 17 00:00:00 2001 From: rksharma95 Date: Fri, 22 Mar 2024 22:16:34 +0530 Subject: [PATCH] update tls config Signed-off-by: rksharma95 --- cmd/log.go | 2 +- log/log.go | 10 +++++----- log/logClient.go | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/log.go b/cmd/log.go index b1844277..94e1574f 100644 --- a/cmd/log.go +++ b/cmd/log.go @@ -25,7 +25,7 @@ func init() { rootCmd.AddCommand(logCmd) logCmd.Flags().StringVar(&logOptions.GRPC, "gRPC", "", "gRPC server information") - logCmd.Flags().BoolVar(&logOptions.Insecure, "insecure", true, "connect to kubearmor on an insecure connection") + logCmd.Flags().BoolVar(&logOptions.Secure, "secure", false, "connect to kubearmor on an insecure connection") logCmd.Flags().StringVar(&logOptions.TlsCertPath, "tlsCertPath", "/var/lib/kubearmor/tls", "path to the ca.crt, client.crt, and client.key if certs are provided locally") logCmd.Flags().StringVar(&logOptions.TlsCertProvider, "tlsCertProvider", "self", "{self|external} self: dynamically crete client certificates, external: provide client certificate and key with --tlsCertPath") logCmd.Flags().BoolVar(&logOptions.ReadCAFromSecret, "readCAFromSecret", true, "true if ca cert to be read from k8s secret on cluster running kubearmor") diff --git a/log/log.go b/log/log.go index 10b35329..490215d9 100644 --- a/log/log.go +++ b/log/log.go @@ -40,7 +40,7 @@ var ( // Options Structure type Options struct { GRPC string - Insecure bool + Secure bool TlsCertPath string TlsCertProvider string ReadCAFromSecret bool 
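Review bot: The usage string of the new `--secure` flag in `init()` still reads "connect to kubearmor on an insecure connection", which is the opposite of what setting the flag now does; it should read something like `"connect to kubearmor over a TLS-secured connection"`. The hunk also removes `--insecure` outright, so existing scripts that pass `--insecure=false` to force TLS would be rejected as using an unknown flag; consider keeping it as a deprecated alias for a release. As far as the visible hunks show, the default remains a plaintext first attempt, which is worth stating in the help text so operators know TLS-only use needs `--secure`.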
@@ -155,11 +155,11 @@ func StartObserver(c *k8s.Client, o Options) error { // create client logClient, err := NewClient(gRPC, o, c.K8sClientset) if err != nil { - if o.Insecure && !isDialingError(err) { + if !o.Secure && !isDialingError(err) { // retry connecting to the server on secured channel fmt.Fprintf(os.Stderr, "Failed to connect on insecure channel\n(%s)\n", err) fmt.Fprint(os.Stderr, "Trying to reconnect using secured channel...\n") - o.Insecure = false + o.Secure = true logClient, err = NewClient(gRPC, o, c.K8sClientset) if err != nil { return fmt.Errorf("unable to create log client, error=%s", err) @@ -180,7 +180,7 @@ func StartObserver(c *k8s.Client, o Options) error { if o.MsgPath != "none" { // watch messages go logClient.WatchMessages(o.MsgPath, o.JSON) - fmt.Fprintln(os.Stdout, "Started to watch messages") + fmt.Fprintln(os.Stderr, "Started to watch messages") } err = regexCompile(o) @@ -194,7 +194,7 @@ func StartObserver(c *k8s.Client, o Options) error { if o.LogFilter == "all" || o.LogFilter == "policy" { // watch alerts go logClient.WatchAlerts(o) - fmt.Fprintln(os.Stdout, "Started to watch alerts") + fmt.Fprintln(os.Stderr, "Started to watch alerts") } if o.LogFilter == "all" || o.LogFilter == "system" { diff --git a/log/logClient.go b/log/logClient.go index 5bdba057..e5235656 100644 --- a/log/logClient.go +++ b/log/logClient.go @@ -113,7 +113,7 @@ func NewClient(server string, o Options, c kubernetes.Interface) (*Feeder, error fd.limit = o.Limit var creds credentials.TransportCredentials - if !o.Insecure { + if o.Secure { tlsCreds, err := loadTLSCredentials(c, o) if err != nil { return nil, err
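Review bot: The status lines moved to `os.Stderr` in `StartObserver` ("Started to watch messages" in this hunk, "Started to watch alerts" in the next) cover only two of the watch branches. The branch for `o.LogFilter == "system"` opens on the last line of the next hunk and its body is outside the diff. If that branch still writes its status line to `os.Stdout`, output piped from the command stays mixed with status text for system logs, so all branches should use the same stream. The stream change is also unrelated to the subject "update tls config" and deserves a line in the commit description.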
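Review bot: Flipping the guard in `NewClient` from `if !o.Insecure` to `if o.Secure` changes what the zero value of `Options` means: a caller that builds `Options{}` without setting the field used to have TLS credentials loaded and now silently skips `loadTLSCredentials`. Callers that set `Insecure` explicitly get a compile error, but those that relied on the default do not, and unlike `StartObserver` this function has no retry on a secured channel. I would document this on the field, e.g. `// Secure loads TLS credentials when true; the zero value connects without TLS.`, and call out the changed default in the commit description. The body of `NewClient` continues outside the hunk, so the non-TLS branch is not visible here.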