Fix: Apply skipTLSVerify in loadFromCluster mode
All checks were successful
Build and Push Backend / build (push) Successful in 5s
All checks were successful
Build and Push Backend / build (push) Successful in 5s
When K8S_IN_CLUSTER=true, backend uses loadFromCluster() which needs skipTLSVerify to work with self-signed cluster certificates. Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hector Ros
@@ -20,22 +20,18 @@ export function initK8sClient() {
|
||||
|
||||
if (inCluster) {
|
||||
k8sConfig.loadFromCluster()
|
||||
|
||||
// Skip TLS verification when in cluster
|
||||
// This is needed because the cluster uses self-signed certificates
|
||||
const cluster = k8sConfig.getCurrentCluster()
|
||||
if (cluster) {
|
||||
cluster.skipTLSVerify = true
|
||||
console.log('🔓 K8s client configured to skip TLS verification (in-cluster mode)')
|
||||
}
|
||||
} else {
|
||||
// Load from kubeconfig file
|
||||
const configPath = process.env.K8S_CONFIG_PATH || process.env.KUBECONFIG || '~/.kube/config'
|
||||
k8sConfig.loadFromFile(configPath)
|
||||
|
||||
// When running in K8s (but not detected as in-cluster), trust the cluster CA
|
||||
// This happens when backend pod needs to manage other pods
|
||||
if (process.env.KUBERNETES_SERVICE_HOST) {
|
||||
// We're running in K8s, configure to trust cluster certificates
|
||||
const cluster = k8sConfig.getCurrentCluster()
|
||||
if (cluster) {
|
||||
// Skip TLS verification for development (NOT recommended for production)
|
||||
// In production, use proper CA certificates
|
||||
cluster.skipTLSVerify = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
k8sClient = k8sConfig.makeApiClient(k8s.CoreV1Api)
|
||||
|
||||
Reference in New Issue
Block a user