From 2a582e19360b36695b2b6e1b0857465942b91f12 Mon Sep 17 00:00:00 2001
From: andersonid
Date: Mon, 29 Sep 2025 10:44:08 -0300
Subject: [PATCH] Fix: SSL connection to Kubernetes API and make deployment cluster-agnostic
---
 .gitignore | 3 +++
 app/core/kubernetes_client.py | 16 ++++++++++++++--
 k8s/deployment.yaml | 8 +++-----
 3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3234515..6ea253b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -159,3 +159,6 @@ kubeconfig
 # Docker
 .dockerignore
+
+# MCP
+.playwright-mcp/
\ No newline at end of file
diff --git a/app/core/kubernetes_client.py b/app/core/kubernetes_client.py
index 6e65f0e..687f6ac 100644
--- a/app/core/kubernetes_client.py
+++ b/app/core/kubernetes_client.py
@@ -41,11 +41,23 @@ class K8sClient:
 with open('/var/run/secrets/kubernetes.io/serviceaccount/namespace', 'r') as f:
 namespace = f.read().strip()
- # Create configuration with token
+ # Create configuration with token and handle SSL properly
 configuration = client.Configuration()
 configuration.host = f"https://kubernetes.default.svc"
- configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
 configuration.api_key = {"authorization": f"Bearer {token}"}
+
+ # Try to use CA cert, but disable SSL verification if not available
+ try:
+ with open('/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', 'r') as f:
+ ca_cert = f.read().strip()
+ if ca_cert:
+ configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+ configuration.verify_ssl = True
+ else:
+ configuration.verify_ssl = False
+ except:
+ configuration.verify_ssl = False
+
 client.Configuration.set_default(configuration)
 except FileNotFoundError:
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index d7cf687..0b5e0c2 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
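Review bot: The CA-certificate fallback added in app/core/kubernetes_client.py fails open: when ca.crt is empty, or when reading it raises anything at all (the bare `except:`), the code sets `configuration.verify_ssl = False` while `configuration.api_key` still carries the service-account bearer token, so the token is sent over a connection whose server certificate is never checked. A missing or unreadable in-cluster CA bundle is better treated as a hard error than as a reason to skip verification. I would keep `configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'` together with `configuration.verify_ssl = True` unconditionally and let the error propagate; the `except FileNotFoundError:` at the end of the hunk presumably already covers the not-in-cluster case, but its body lies outside the hunk. If a fallback has to stay, narrow `except:` to `except OSError:` and log at warning level whenever verification is turned off, so a downgraded connection is visible in the pod logs.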
@@ -24,15 +24,13 @@ spec:
 app.kubernetes.io/component: governance
 spec:
 serviceAccountName: resource-governance-sa
- imagePullSecrets:
- - name: docker-hub-secret
+ # imagePullSecrets:
+ # - name: docker-hub-secret
 securityContext:
 runAsNonRoot: true
- runAsUser: 1000940000
- fsGroup: 1000940000
 containers:
 - name: resource-governance
- image: andersonid/openshift-resource-governance:latest
+ image: andersonid/resource-governance:latest
 imagePullPolicy: Always
 ports:
 - containerPort: 8080
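Review bot: The new `image: andersonid/resource-governance:latest` line still references a mutable tag, and together with `imagePullPolicy: Always` and the pull secret now commented out, every pod start pulls whatever the registry currently serves under that name. Pinning by digest, `image: andersonid/resource-governance@sha256:<digest-placeholder>`, would make rollouts reproducible and tie the running workload to a reviewed build. Separately, with `runAsUser` and `fsGroup` removed but `runAsNonRoot: true` kept, a cluster that does not assign a UID itself will only start the pod if the image declares a numeric non-root USER, which is worth confirming in the Dockerfile (not part of this patch). The commented-out `imagePullSecrets` lines would read better deleted, or given a short comment saying when they need to be re-enabled.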