selfhostyourtech/reflector
2
0
Fork 0
mirror of https://github.com/Monadical-SAS/reflector.git synced 2026-04-14 09:16:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: grpc tls for local hatchet (#937)

Browse Source
This commit is contained in:
Juan Diego García
2026-03-30 17:46:23 -05:00
committed by GitHub
parent e3cc646cf5
commit a22789d548
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docsv2/custom-ca-setup.md
View File

@@ -199,7 +199,8 @@ Each backend container (server, worker, beat, hatchet workers, GPU) has an entry
| `SSL_CERT_FILE` | httpx, OpenAI SDK, llama-index, Python ssl module |
| `REQUESTS_CA_BUNDLE` | requests library (transitive dependencies) |
| `CURL_CA_BUNDLE` | curl CLI (container healthchecks) |
| `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` | grpcio (Hatchet gRPC client) |
Note: `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` is intentionally NOT set. Setting it causes grpcio to attempt TLS on internal Hatchet gRPC connections that run without TLS, resulting in handshake failures. The internal Hatchet connection uses `HATCHET_CLIENT_TLS_STRATEGY=none` (plaintext).
When no CA cert is mounted, the entrypoint is a no-op — containers behave exactly as before.