We currently use `NODE_TLS_REJECT_UNAUTHORIZED` in the ref impl here:

```yaml
- name: NODE_TLS_REJECT_UNAUTHORIZED
```
We should remove that and trust the cert idpbuilder issues instead. i.e.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backstage
  namespace: backstage
spec:
  # Pod settings belong under spec.template.spec; selector and pod labels
  # are not shown in this excerpt.
  template:
    spec:
      containers:
        - command:
            - node
            - packages/backend
            - --config
            - config/app-config.yaml
          env:
            - name: LOG_LEVEL
              value: debug
            # Trust the idpbuilder-issued cert in addition to Node's built-in roots.
            - name: NODE_EXTRA_CA_CERTS
              value: "/app/config/ca.crt"
          envFrom:
            - secretRef:
                name: backstage-env-vars
            - secretRef:
                name: gitea-credentials
            - secretRef:
                name: argocd-credentials
          image: ghcr.io/cnoe-io/backstage-app:135c0cb26f3e004a27a11edb6a4779035aff9805
          name: backstage
          ports:
            - containerPort: 7007
              name: http
          volumeMounts:
            - mountPath: /app/config
              name: backstage-config
              readOnly: true
      serviceAccountName: backstage
      volumes:
        - name: backstage-config
          projected:
            sources:
              # ca.crt from this secret is projected to /app/config/ca.crt.
              - secret:
                  name: idpbuilder-cert
                  items:
                    - key: ca.crt
                      path: ca.crt
              - configMap:
                  items:
                    - key: app-config.yaml
                      path: app-config.yaml
                  name: backstage-config
              - secret:
                  items:
                    - key: k8s-config.yaml
                      path: k8s-config.yaml
                  name: k8s-config
```
Referenced file: stacks/ref-implementation/backstage/manifests/install.yaml, line 257 in 2b12c4d
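A startup preflight for the settings discussed in this issue, as an added example that is not part of the original post or the project's code. The function name `checkTlsTrust` is an assumption; it reports when verification is still disabled and when the file named by `NODE_EXTRA_CA_CERTS` is missing, empty, unparsable or outside its validity window.

```javascript
// Added example (not project code): preflight check for Node's TLS trust settings.
const fs = require('node:fs');
const { X509Certificate } = require('node:crypto');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Returns a list of problems; an empty list means the trust settings look sane.
// `env` defaults to process.env; `now` is injectable so the check can be tested.
function checkTlsTrust(env = process.env, now = new Date()) {
  const problems = [];
  // Node skips certificate verification for outbound TLS connections
  // when this variable is exactly '0'.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    problems.push('NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate verification');
  }
  const bundle = env.NODE_EXTRA_CA_CERTS;
  if (!bundle) {
    problems.push('NODE_EXTRA_CA_CERTS is not set');
    return problems;
  }
  let pem;
  try {
    pem = fs.readFileSync(bundle, 'utf8');
  } catch (err) {
    // Node itself only warns about an unreadable bundle and carries on,
    // so the failure would otherwise surface later as a handshake error.
    problems.push(`cannot read ${bundle}: ${err.code}`);
    return problems;
  }
  const blocks = pem.match(PEM_CERT) || [];
  if (blocks.length === 0) problems.push(`${bundle} contains no PEM certificates`);
  blocks.forEach((block, i) => {
    try {
      const cert = new X509Certificate(block);
      if (new Date(cert.validFrom) > now) problems.push(`certificate #${i + 1} is not valid until ${cert.validFrom}`);
      if (new Date(cert.validTo) < now) problems.push(`certificate #${i + 1} expired ${cert.validTo}`);
    } catch (err) {
      problems.push(`certificate #${i + 1} does not parse: ${err.message}`);
    }
  });
  return problems;
}
```

Node reads `NODE_EXTRA_CA_CERTS` once at process start, so the check belongs at the top of the entry point and a rotated cert needs a pod restart to take effect.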