cba79cde35
MeshCentral was failing to start with "Zipencryptionmodule failed" error because the service tried to fetch TLS certificates from an HTTPS endpoint during bootstrap. When using TLSOffload (reverse proxy terminating TLS), MeshCentral should not attempt to load certificates. Root cause: The existing config.json had "certUrl" set to HTTPS, causing MeshCentral to try fetching the certificate during startup. Since the pod was bootstrapping, this failed and cascaded into the Zipencryptionmodule failure. Fix: Add init container that runs before the main container to disable the certUrl by prefixing it with underscore (MeshCentral's convention for disabled settings). The sed command ensures the fix applies to both new and existing config.json files. This ensures MeshCentral behaves correctly with TLSOffload enabled: - Runs in plain HTTP mode on port 443 - Traefik/Ingress handles HTTPS termination - No certificate bootstrap failures |
||
|---|---|---|
| .. | ||
| .terraform.lock.hcl | ||
| backend.tf | ||
| main.tf | ||
| providers.tf | ||
| secrets | ||
| terragrunt.hcl | ||
| tiers.tf | ||