anobre/openshift-resource-governance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: SSL connection to Kubernetes API and make deployment cluster-agnostic

Browse Source
This commit is contained in:
Anderson
2025-09-29 10:44:08 -03:00
parent cfe3d3006e
commit 2a582e1936
3 changed files with 20 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -159,3 +159,6 @@ kubeconfig
# Docker # Docker
.dockerignore .dockerignore
# MCP
.playwright-mcp/

16
app/core/kubernetes_client.py
View File

@@ -41,11 +41,23 @@ class K8sClient:
with open('/var/run/secrets/kubernetes.io/serviceaccount/namespace', 'r') as f: with open('/var/run/secrets/kubernetes.io/serviceaccount/namespace', 'r') as f:
namespace = f.read().strip() namespace = f.read().strip()
# Create configuration with token # Create configuration with token and handle SSL properly
configuration = client.Configuration() configuration = client.Configuration()
configuration.host = f"https://kubernetes.default.svc" configuration.host = f"https://kubernetes.default.svc"
configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
configuration.api_key = {"authorization": f"Bearer {token}"} configuration.api_key = {"authorization": f"Bearer {token}"}
# Try to use CA cert, but disable SSL verification if not available
try:
with open('/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', 'r') as f:
ca_cert = f.read().strip()
if ca_cert:
configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
configuration.verify_ssl = True
else:
configuration.verify_ssl = False
except:
configuration.verify_ssl = False
client.Configuration.set_default(configuration) client.Configuration.set_default(configuration)
except FileNotFoundError: except FileNotFoundError:

8
k8s/deployment.yaml
View File

@@ -24,15 +24,13 @@ spec:
app.kubernetes.io/component: governance app.kubernetes.io/component: governance
spec: spec:
serviceAccountName: resource-governance-sa serviceAccountName: resource-governance-sa
imagePullSecrets: # imagePullSecrets:
- name: docker-hub-secret # - name: docker-hub-secret
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000940000
fsGroup: 1000940000
containers: containers:
- name: resource-governance - name: resource-governance
image: andersonid/openshift-resource-governance:latest image: andersonid/resource-governance:latest
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 8080 - containerPort: 8080