[v0.30] ENGPLAT-399 Add --secure flag for TLS verification (#3781)#3799
Merged
Conversation
* ENGPLAT-399 respect platform insecure config
fix: respect platform insecure config instead of hardcoding InsecureSkipVerify
Thread config.Platform.Insecure through all call sites so
TLS verification is on by default and only skipped when the user
explicitly opts in via --insecure.
Closes ENGPLAT-399
* fix: preserve insecure TLS fallback during platform bootstrap
The start command is the bootstrap flow — the platform always serves a
self-signed certificate at this stage. Rather than reading
config.Platform.Insecure (which defaults to false for fresh installs and
has no --insecure flag on `vcluster platform start`), bootstrap probes
and login should handle self-signed certs directly:
- Readiness probes (port-forward, router, reachability) always skip TLS
verification since they are unauthenticated health checks against a
just-installed instance
- Login tries secure first, falls back to insecure on TLS error, and
persists the decision to config for future CLI operations
The Transport(insecure), IsLoftReachable(insecure), and clihelper/http
test additions from the original PR are preserved — post-bootstrap
commands (login, connect) still respect config.Platform.Insecure.
* Revert " fix: preserve insecure TLS fallback during platform bootstrap"
This reverts commit d5181a1.
* feat: add --insecure flag to vcluster platform start
Allows users to skip TLS certificate verification during bootstrap when
the platform serves a self-signed certificate. The flag sets
config.Platform.Insecure in memory so all downstream health checks and
login calls respect it, and LoginWithAccessKey persists the value for
future CLI operations.
* Switch flag from insecure to secure
Defaults to current insecure behavior to preserve current bootstrapping
functionality.
(cherry picked from commit 1499106)
# Conflicts:
# .github/workflows/lint.yaml
# cmd/vclusterctl/cmd/platform/start.go
# cmd/vclusterctl/cmd/platform/start_test.go
# pkg/cli/start/login.go
loft-bot
requested review from
a team,
FabianKramm,
Piotr1215 and
sydorovdmytro
as code owners
3 tasks
Contributor
Author
Unresolved Merge Conflicts DetectedThis PR contains unresolved merge conflict markers. Please resolve them before merging. Conflicted Files |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 42f9c0c8f8
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
rlmcpherson
force-pushed
the
backport/v0.30/pr-3781
branch
from
885ffdd to
80f3811
Compare
rlmcpherson
force-pushed
the
backport/v0.30/pr-3781
branch
from
c36e522 to
c9104ea
Compare
rlmcpherson
approved these changes
Apr 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport from
maintov0.30Original PR Nr.: #3781
Backported Commits:
fix: respect platform insecure config instead of hardcoding InsecureSkipVerify
Thread config.Platform.Insecure through all call sites so
TLS verification is on by default and only skipped when the user
explicitly opts in via --insecure.
Closes ENGPLAT-399
fix: preserve insecure TLS fallback during platform bootstrap
The start command is the bootstrap flow — the platform always serves a
self-signed certificate at this stage. Rather than reading
config.Platform.Insecure (which defaults to false for fresh installs and
has no --insecure flag on `vcluster platform start`), bootstrap probes
and login should handle self-signed certs directly:
verification since they are unauthenticated health checks against a
just-installed instance
persists the decision to config for future CLI operations
The Transport(insecure), IsLoftReachable(insecure), and clihelper/http
test additions from the original PR are preserved — post-bootstrap
commands (login, connect) still respect config.Platform.Insecure.
Revert " fix: preserve insecure TLS fallback during platform bootstrap"
This reverts commit d5181a1.
feat: add --insecure flag to vcluster platform start
Allows users to skip TLS certificate verification during bootstrap when
the platform serves a self-signed certificate. The flag sets
config.Platform.Insecure in memory so all downstream health checks and
login calls respect it, and LoginWithAccessKey persists the value for
future CLI operations.
Switch flag from insecure to secure
Defaults to current insecure behavior to preserve current bootstrapping
functionality.