Too much struggles, I need to share.

Need: GET/POST on https://ip_cluster_/apis/v1/xxx from the dev_appserver (for local testing)

Error: Invalid and/or missing SSL certificate for URL

Cause: the k8s cluster endpoint use a autosigned certificate

Tries:

• Use a Let's Encrypt certificate with ingress. Fails because Let's encrypt needs a DNS
• Asks to AppEngine to do an unsecure connexion : globally with PYTHONHTTPSVERIFY: 0 in main.app and locally with validate_certificate=None with url_fetch or verify=False with requests. Fails because unsecure SSL connexion with autosigned certificate is not allowed in AppEngine. PR : https://github.com/GoogleCloudPlatform/python-compat-runtime/pull/124
• Get cert/key from https://container.googleapis.com/v1beta1/projects/<my-gcp-project>/locations/<location>/clusters/<my-cluster>, decode base64, write in files, use them with cert=('cluster_k8s.cert', 'cluster_k8s.key') in requests. Fails because local certs support is disabled in AppEngine. Using them with curl works just fine. Obviously.
• Get cert/key like above and add them as custom certs in google cloud sdk: gcloud config set core/custom_ca_certs_file=my_cert.pem. Fails because life is hard.
• Get cert/key like above and append them to the google cloud sdk one: cd /usr/lib/google-cloud-sdk/platform/google_appengine/lib/cacerts/ cat my_cert >> urlfetch_cacerts.txt Fails because life is even harder.