TLS certificate not trusted from within K8S pods #1604

Open
guyguy333 opened this issue Nov 20, 2024 · 1 comment
Labels
t/bug Something isn't working

Comments

@guyguy333

Describe the bug

When attempting to access an Ingress with TLS enabled from within a pod in a Kubernetes cluster, the TLS certificate is reported as invalid. The same Ingress can be accessed without issues from the host machine using https://myingress.k8s.orb.local/

To Reproduce

  1. Install OrbStack version 1.8.2.
  2. Enable Kubernetes in OrbStack.
  3. Install the Nginx Ingress Controller.
  4. Deploy an Ingress resource with TLS enabled (no secret).
  5. Deploy a pod with a shell (e.g., using an image like alpine/curl).
  6. Inside the pod, execute a curl command to the host specified in the Ingress resource using HTTPS.

kubectl run shell --image=alpine/curl --restart=Never --command -- curl https://myingress.k8s.orb.local/

Result:

curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

Expected behavior

The TLS certificate should be trusted by pods within the Kubernetes cluster.

Diagnostic report (REQUIRED)

OrbStack info:
Version: 1.8.2
Commit: 44cf8269710cd29802bfee176a7cec65b55cc822 (v1.8.2)

System info:
macOS: 15.1 (24B83)
CPU: arm64, 10 cores
CPU model: Apple M1 Pro
Model: MacBookPro18,3
Memory: 32 GiB

Full report: https://orbstack.dev/_admin/diag/orbstack-diagreport_2024-11-20T18-01-30.624938Z.zip

Screenshots and additional context (optional)

No response

@guyguy333 guyguy333 added the t/bug Something isn't working label Nov 20, 2024
@marvinscharle

We have the same issue and it impacts our entire team. We have currently downgraded to 1.8.0.

From our perspective, a potential solution is to add the option to disable the OrbStack CA.
