add AGENT_TLS_INSECURE to enable Insecure TLS mode

Dockerfile

@@ -32,7 +32,7 @@ RUN cat /go/src/github.com/kerberos-io/agent/machinery/version
 
 RUN cd /go/src/github.com/kerberos-io/agent/machinery && \
 	go mod download && \
-	go build -tags timetzdata,netgo --ldflags '-s -w -extldflags "-static -latomic"' main.go && \
+	go build -tags timetzdata,netgo,osusergo --ldflags '-s -w -extldflags "-static -latomic"' main.go && \
 	mkdir -p /agent && \
 	mv main /agent && \
 	mv version /agent && \

README.md

@@ -80,7 +80,7 @@ If you want to connect to an USB or Raspberry Pi camera, [you'll need to run our
 
 Run Kerberos Agent with [Balena Cloud](https://www.balena.io/) super powers. Monitor your Kerberos Agent with seamless remote access, over the air updates, an encrypted public `https` endpoint and many more. Checkout our application `video-surveillance` on [Balena Hub](https://hub.balena.io/apps/2064752/video-surveillance), and create your first or fleet of Kerberos Agent(s).
 
-[![deploy with balena](https://balena.io/deploy.svg)](https://dashboard.balena-cloud.com/deploy?repoUrl=https://github.com/kerberos-io/agent)
+[![deploy with balena](https://balena.io/deploy.svg)](https://dashboard.balena-cloud.com/deploy?repoUrl=https://github.com/kerberos-io/balena-agent)
 
 ## A world of Kerberos Agents
 
@@ -119,7 +119,7 @@ We have documented the different deployment models [in the `deployments` directo
 - [Red Hat OpenShift with Ansible](https://github.com/kerberos-io/agent/tree/master/deployments#4-red-hat-ansible-and-openshift)
 - [Terraform](https://github.com/kerberos-io/agent/tree/master/deployments#5-terraform)
 - [Salt](https://github.com/kerberos-io/agent/tree/master/deployments#6-salt)
-- [Balena](https://github.com/kerberos-io/agent/tree/master/deployments#1-balena)
+- [Balena](https://github.com/kerberos-io/agent/tree/master/deployments#8-balena)
 
 By default your Kerberos Agents will store all its configuration and recordings inside the container. To help you automate and have a more consistent data governance, you can attach volumes to configure and persist data of your Kerberos Agents, and/or configure each Kerberos Agent through environment variables.
 
@@ -164,6 +164,7 @@ Next to attaching the configuration file, it is also possible to override the co
 | Name                                    | Description                                                                                     | Default Value                  |
 | --------------------------------------- | ----------------------------------------------------------------------------------------------- | ------------------------------ |
 | `AGENT_MODE`                            | You can choose to run this in 'release' for production, and or 'demo' for showcasing.           | "release"                      |
+| `AGENT_TLS_INSECURE`                    | Specify if you want to use `InsecureSkipVerify` for the internal HTTP client.                   | "false"                        |
 | `AGENT_USERNAME`                        | The username used to authenticate against the Kerberos Agent login page.                        | "root"                         |
 | `AGENT_PASSWORD`                        | The password used to authenticate against the Kerberos Agent login page.                        | "root"                         |
 | `AGENT_KEY`                             | A unique identifier for your Kerberos Agent, this is auto-generated but can be overriden.       | ""                             |

deployments/balena/README.md

@@ -4,14 +4,12 @@ Balena Cloud provide a seamless way of building and deploying applications at sc
 
 We provide two mechanisms to deploy Kerberos Agent to a Balena Cloud fleet:
 
-1. Use Kerberos Agent as [a block part of your larger application](https://github.com/kerberos-io/balena-agent-block).
-2. Use Kerberos Agent as [a stand-a-lone application](https://github.com/kerberos-io/balena-agent).
+1. Use Kerberos Agent as [a block part of your application](https://github.com/kerberos-io/balena-agent-block).
+2. Use Kerberos Agent as [a stand-alone application](https://github.com/kerberos-io/balena-agent).
 
 ## Block
 
-Within Balena you can build the concept of a block, which is the equivalent of container image or a function in a typical programming language.
-
-The idea of blocks, you can find a more thorough explanation [here](https://docs.balena.io/learn/develop/blocks/), is that you can compose and combine multiple `blocks` to level up to the concept an `app`.
+Within Balena you can build the concept of a block, which is the equivalent of container image or a function in a typical programming language. The idea of blocks, you can find a more thorough explanation [here](https://docs.balena.io/learn/develop/blocks/), is that you can compose and combine multiple `blocks` to level up to the concept an `app`.
 
 You as a developer can choose which `blocks` you would like to use, to build the desired `application` state you prefer. For example you can use the [Kerberos Agent block](https://hub.balena.io/blocks/2064662/agent) to compose a video surveillance system as part of your existing set of blocks.
 
@@ -19,3 +17,15 @@ You can the `Kerberos Agent` block by defining following elements in your `compo
 
     agent:
         image: bh.cr/kerberos_io/agent
+
+## App
+
+Next to building individual `blocks` you as a developer can also decide to build up an application, composed of one or more `blocks` or third-party containers, and publish it as an `app` to the Balena Hub. This is exactly [what we've done..](https://hub.balena.io/apps/2064752/video-surveillance)
+
+On Balena Hub we have created the []`video-surveillance` application](https://hub.balena.io/apps/2064752/video-surveillance) that utilises the [Kerberos Agent `block`](https://hub.balena.io/blocks/2064662/agent). The idea of this application is that utilises the foundation of our Kerberos Agent, but that it might include more `blocks` over time to increase and improve functionalities from other community projects.
+
+To deploy the application you can simply press below `Deploy button` or you can navigate to the [Balena Hub apps page](https://hub.balena.io/apps/2064752/video-surveillance).
+
+[![deploy with balena](https://balena.io/deploy.svg)](https://dashboard.balena-cloud.com/deploy?repoUrl=https://github.com/kerberos-io/agent)
+
+You can find the source code, `balena.yaml` and `docker-compose.yaml` files in the [`balena-agent` repository](https://github.com/kerberos-io/balena-agent).

machinery/src/cloud/Cloud.go

@@ -2,6 +2,7 @@ package cloud
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -352,7 +353,16 @@ loop:
 				req, _ := http.NewRequest("POST", url, buffy)
 				req.Header.Set("Content-Type", "application/json")
 
-				client := &http.Client{}
+				var client *http.Client
+				if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+					tr := &http.Transport{
+						TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+					}
+					client = &http.Client{Transport: tr}
+				} else {
+					client = &http.Client{}
+				}
+
 				resp, err := client.Do(req)
 				if resp != nil {
 					resp.Body.Close()
@@ -374,8 +384,6 @@ loop:
 					buffy = bytes.NewBuffer(jsonStr)
 					req, _ = http.NewRequest("POST", vaultURI+"/devices/heartbeat", buffy)
 					req.Header.Set("Content-Type", "application/json")
-
-					client = &http.Client{}
 					resp, err = client.Do(req)
 					if resp != nil {
 						resp.Body.Close()
@@ -550,7 +558,15 @@ func VerifyHub(c *gin.Context) {
 		if err == nil {
 			req.Header.Set("X-Kerberos-Hub-PublicKey", publicKey)
 			req.Header.Set("X-Kerberos-Hub-PrivateKey", privateKey)
-			client := &http.Client{}
+			var client *http.Client
+			if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+				tr := &http.Transport{
+					TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+				}
+				client = &http.Client{Transport: tr}
+			} else {
+				client = &http.Client{}
+			}
 
 			resp, err := client.Do(req)
 			if err == nil {
@@ -649,7 +665,15 @@ func VerifyPersistence(c *gin.Context) {
 				req.Header.Set("X-Kerberos-Hub-PrivateKey", config.HubPrivateKey)
 				req.Header.Set("X-Kerberos-Hub-Region", config.S3.Region)
 
-				client := &http.Client{}
+				var client *http.Client
+				if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+					tr := &http.Transport{
+						TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+					}
+					client = &http.Client{Transport: tr}
+				} else {
+					client = &http.Client{}
+				}
 
 				resp, err := client.Do(req)
 				if resp != nil {
@@ -689,7 +713,16 @@ func VerifyPersistence(c *gin.Context) {
 
 			if err == nil && uri != "" && accessKey != "" && secretAccessKey != "" {
 
-				client := &http.Client{}
+				var client *http.Client
+				if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+					tr := &http.Transport{
+						TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+					}
+					client = &http.Client{Transport: tr}
+				} else {
+					client = &http.Client{}
+				}
+
 				req, err := http.NewRequest("POST", uri+"/ping", nil)
 				req.Header.Add("X-Kerberos-Storage-AccessKey", accessKey)
 				req.Header.Add("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
@@ -731,7 +764,15 @@ func VerifyPersistence(c *gin.Context) {
 								req.Header.Set("X-Kerberos-Storage-Capture", "IPCamera")
 								req.Header.Set("X-Kerberos-Storage-Directory", directory)
 
-								client := &http.Client{}
+								var client *http.Client
+								if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+									tr := &http.Transport{
+										TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+									}
+									client = &http.Client{Transport: tr}
+								} else {
+									client = &http.Client{}
+								}
 
 								resp, err := client.Do(req)
 

machinery/src/cloud/KerberosHub.go

@@ -1,6 +1,7 @@
 package cloud
 
 import (
+	"crypto/tls"
 	"errors"
 	"io/ioutil"
 	"net/http"
@@ -62,7 +63,15 @@ func UploadKerberosHub(configuration *models.Configuration, fileName string) (bo
 	req.Header.Set("X-Kerberos-Hub-PrivateKey", config.HubPrivateKey)
 	req.Header.Set("X-Kerberos-Hub-Region", config.S3.Region)
 
-	client := &http.Client{}
+	var client *http.Client
+	if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+		client = &http.Client{Transport: tr}
+	} else {
+		client = &http.Client{}
+	}
 
 	resp, err := client.Do(req)
 	if resp != nil {
@@ -96,9 +105,6 @@ func UploadKerberosHub(configuration *models.Configuration, fileName string) (bo
 	req.Header.Set("X-Kerberos-Hub-PublicKey", config.HubKey)
 	req.Header.Set("X-Kerberos-Hub-PrivateKey", config.HubPrivateKey)
 	req.Header.Set("X-Kerberos-Hub-Region", config.S3.Region)
-
-	client = &http.Client{}
-
 	resp, err = client.Do(req)
 	if resp != nil {
 		defer resp.Body.Close()

machinery/src/cloud/KerberosVault.go

@@ -1,6 +1,7 @@
 package cloud
 
 import (
+	"crypto/tls"
 	"errors"
 	"io/ioutil"
 	"net/http"
@@ -67,7 +68,16 @@ func UploadKerberosVault(configuration *models.Configuration, fileName string) (
 	req.Header.Set("X-Kerberos-Storage-Device", config.Key)
 	req.Header.Set("X-Kerberos-Storage-Capture", "IPCamera")
 	req.Header.Set("X-Kerberos-Storage-Directory", config.KStorage.Directory)
-	client := &http.Client{}
+
+	var client *http.Client
+	if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+		client = &http.Client{Transport: tr}
+	} else {
+		client = &http.Client{}
+	}
 
 	resp, err := client.Do(req)
 	if resp != nil {

machinery/src/database/main.go

@@ -28,10 +28,10 @@ func New() *mongo.Client {
 	password := os.Getenv("MONGODB_PASSWORD")
 	authentication := "SCRAM-SHA-256"
 
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-
 	_init_ctx.Do(func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+
 		_instance = new(DB)
 		mongodbURI := fmt.Sprintf("mongodb://%s:%s@%s", username, password, host)
 		if replicaset != "" {