From 252fb2427d9b2e659050fff0f3fec54503a0b18f Mon Sep 17 00:00:00 2001 From: arik Date: Thu, 22 Jan 2026 09:14:30 +0200 Subject: [PATCH] fix: Add tls-server-name support for Teleport and similar proxies This fix adds support for the `tls-server-name` field from kubeconfig, which is required when connecting to Kubernetes clusters through proxies like Teleport that use SNI-based routing. When Teleport is used, the server URL hostname differs from the TLS certificate's expected hostname. The `tls-server-name` field tells the client which hostname to use for SNI during TLS negotiation. Without this fix, SSL certificate verification fails because the client uses the server URL hostname instead of the required SNI name. Fixes #495 --- .../core/integrations/kubernetes/config_patch.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/robusta_krr/core/integrations/kubernetes/config_patch.py b/robusta_krr/core/integrations/kubernetes/config_patch.py index 81cd108b..f295fd4a 100644 --- a/robusta_krr/core/integrations/kubernetes/config_patch.py +++ b/robusta_krr/core/integrations/kubernetes/config_patch.py @@ -16,23 +16,28 @@ def _load_cluster_info(self): if "proxy-url" in self._cluster: self.proxy = self._cluster["proxy-url"] + if "tls-server-name" in self._cluster: + self.tls_server_name = self._cluster["tls-server-name"] + def _set_config(self, client_configuration: Configuration): super()._set_config(client_configuration) - key = "proxy" - if key in self.__dict__: - setattr(client_configuration, key, getattr(self, key)) + for key in ("proxy", "tls_server_name"): + if key in self.__dict__: + setattr(client_configuration, key, getattr(self, key)) class Configuration(configuration.Configuration): def __init__( self, proxy: Optional[str] = None, + tls_server_name: Optional[str] = None, **kwargs, ): super().__init__(**kwargs) self.proxy = proxy + self.tls_server_name = tls_server_name configuration.Configuration = Configuration