diff --git a/src/lib/k8s.ts b/src/lib/k8s.ts
index 4bb7452..47a5b9b 100644
--- a/src/lib/k8s.ts
+++ b/src/lib/k8s.ts
@@ -24,6 +24,18 @@ export function initK8sClient() {
     // Load from kubeconfig file
     const configPath = process.env.K8S_CONFIG_PATH || process.env.KUBECONFIG || '~/.kube/config'
     k8sConfig.loadFromFile(configPath)
+
+    // When running in K8s (but not detected as in-cluster), trust the cluster CA
+    // This happens when backend pod needs to manage other pods
+    if (process.env.KUBERNETES_SERVICE_HOST) {
+      // We're running in K8s, configure to trust cluster certificates
+      const cluster = k8sConfig.getCurrentCluster()
+      if (cluster) {
+        // Skip TLS verification for development (NOT recommended for production)
+        // In production, use proper CA certificates
+        cluster.skipTLSVerify = true
+      }
+    }
   }
 
   k8sClient = k8sConfig.makeApiClient(k8s.CoreV1Api)