autoconf - add KUBERNETES_VERIFY_SSL env var

bunkerity · Oct 28, 2024 · 5f8bc4e · 5f8bc4e
1 parent 8925e5c
commit 5f8bc4e
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/docs/integrations.md b/docs/integrations.md
@@ -746,6 +746,9 @@ Given the presence of multiple BunkerWeb instances, it is necessary to establish
 
 Please ensure that the autoconf services have access to the Kubernetes API. It is recommended to utilize [RBAC authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for this purpose.
 
+!!! warn "Custom CA for Kubernetes API"
+    At the moment, using a custom CA for the Kubernetes API is not supported by the autoconf. The only workaround available is to disable certificate verification by setting the `KUBERNETES_SSL_VERIFY` environment variable of the autoconf to `no` (default is `yes`).
+
 Additionally, **it is crucial to set the `KUBERNETES_MODE` environment variable to `yes` when utilizing the Kubernetes integration**. This variable is mandatory for proper functionality.
 
 To assist you, here is a YAML boilerplate that can serve as a foundation for your configuration:

diff --git a/src/autoconf/IngressController.py b/src/autoconf/IngressController.py
@@ -17,6 +17,7 @@ def __init__(self):
         self.__internal_lock = Lock()
         super().__init__("kubernetes")
         config.load_incluster_config()
+        config.verify_ssl = getenv("KUBERNETES_VERIFY_SSL", "yes") == "yes"
         self.__corev1 = client.CoreV1Api()
         self.__networkingv1 = client.NetworkingV1Api()
         self.__use_fqdn = getenv("USE_KUBERNETES_FQDN", "yes").lower() == "yes"