kubectl-ai
kubectl-ai copied to clipboard
GoogleCloudPlatform
LLM Self Signed Certificate
Hi Everybody!,
I'm using kubectl-ai to connect to a self-hosted OpenWebUI (with Ollama backend) which uses a self-signed certificate that I can't change.
Setup:
Client: kubectl-ai on windows 10
Server: Self-hosted OpenWebUI/Ollama with a self-signed certificate.
Endpoint: https://<webui-address>/ollama
Provider Type (in client): openai
Issue:
Running commands results in:
OpenAI ChatCompletion API error: Post "https://<webui-address>/ollama/chat/completions:" tls: failed to verify certificate: x509: certificate signed by unknown authority
Feature Request:
Could you please add support for environments with self-signed certificates? This would be very helpful for self-hosted setups. Options could include:
Ignore TLS Verification: A flag like --insecure or --skip-tls-verify. Custom CA Path: A flag like --ca-bundle <path-to-ca.pem> or an environment variable to specify a trusted CA. This would enable users to connect to self-hosted services like Ollama/OpenWebUI in private or testing environments.
Thanks!
Thanks @RGanor for sharing the use-case with details. We will try to get this addressed it this week.
The company has its own internally developed LLM Proxy, which uses a private certificate. Therefore, it requires a skip-verify SSL approach; otherwise, the following error message will occur:
Error: simulated streaming failed during non-streaming call: OpenAI chat completion failed: Post "https://example.com/v1/chat/completions": tls: failed to verify certificate: x509: “example.com” certificate is not standards compliant
Thanks @appleboy for the fix. @RGanor would be great if you can try out this https://github.com/GoogleCloudPlatform/kubectl-ai/pull/217 and confirm if it fixes the issue for you.
@tuannvm @droot i think #207 override the changes made #217 PR. can you have a look on it?
@RGanor, I created a new PR to resolve the OpenAI provider. See the https://github.com/GoogleCloudPlatform/kubectl-ai/pull/243