Security Issue: default setting for tls.config is InsecureSkipVerify: true

[KaiyiLiu1234]

What happened?

According to this Instance 1 and Instance 2, we default set InsecureSkipVerify to true.

What did you expect to happen?

By default, we should not be skipping sslverification as this can lead to a security breach.

How can we reproduce it (as minimally and precisely as possible)?

Code by default has set InsecureSkipVerify to true.

Anything else we need to know?

No response

Kepler image tag

latest

Kubernetes version

$ kubectl version
# paste output here

Cloud provider or bare metal

all

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Install tools

Kepler deployment config

For on kubernetes:

$ KEPLER_NAMESPACE=kepler

# provide kepler configmap
$ kubectl get configmap kepler-cfm -n ${KEPLER_NAMESPACE}
# paste output here

# provide kepler deployment description
$ kubectl describe deployment kepler-exporter -n ${KEPLER_NAMESPACE}

For standalone:

put your Kepler command argument here

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)