diff --git a/packages/libs/lib-k8s/src/index.ts b/packages/libs/lib-k8s/src/index.ts index 965d515b..8cadfafd 100644 --- a/packages/libs/lib-k8s/src/index.ts +++ b/packages/libs/lib-k8s/src/index.ts @@ -1 +1 @@ -export * from './lib/k8s.client.js'; +export * from "./lib/k8s.client.js"; diff --git a/packages/libs/lib-k8s/src/lib/k8s.client.ts b/packages/libs/lib-k8s/src/lib/k8s.client.ts index 6eabf744..c3116e15 100644 --- a/packages/libs/lib-k8s/src/lib/k8s.client.ts +++ b/packages/libs/lib-k8s/src/lib/k8s.client.ts @@ -1,7 +1,7 @@ -import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from '@kubernetes/client-node'; -import dns from 'dns'; -import { ILogger } from '@certd/basic'; -import _ from 'lodash-es'; +import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from "@kubernetes/client-node"; +import dns from "dns"; +import { ILogger } from "@certd/basic"; +import _ from "lodash-es"; export type K8sClientOpts = { kubeConfigStr: string; @@ -9,6 +9,7 @@ export type K8sClientOpts = { //{ [domain]:{ip:'xxx.xx.xxx'} } //暂时没用 lookup?: any; + skipTLSVerify?: boolean; }; export class K8sClient { kubeconfig!: KubeConfig; @@ -16,10 +17,12 @@ export class K8sClient { lookup!: (hostnameReq: any, options: any, callback: any) => void; client!: CoreV1Api; logger: ILogger; + skipTLSVerify?: boolean; constructor(opts: K8sClientOpts) { this.kubeConfigStr = opts.kubeConfigStr; this.logger = opts.logger; this.setLookup(opts.lookup); + this.skipTLSVerify = opts.skipTLSVerify; this.init(); } 
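Review bot: The new `skipTLSVerify?: boolean;` member of `K8sClientOpts` has no comment, although it is the one option in this type that weakens transport security. A single line above it would do, for example `// when true, API server certificates are not verified for any cluster in the kubeconfig; leave unset to keep verification on`. The type's declaration begins above this hunk, so only part of it is visible here.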
@@ -27,6 +30,18 @@ export class K8sClient { const kubeconfig = new KubeConfig(); kubeconfig.loadFromString(this.kubeConfigStr); this.kubeconfig = kubeconfig; + + try { + if (this.skipTLSVerify == true) { + for (const cluster of kubeconfig.getClusters()) { + // @ts-ignore + cluster["skipTLSVerify"] = this.skipTLSVerify; + } + } + } catch (e) { + this.logger.warn("skipTLSVerify error", e); + } + this.client = kubeconfig.makeApiClient(CoreV1Api); // const reqOpts = { kubeconfig, request: {} } as any; @@ -47,9 +62,9 @@ export class K8sClient { return; } this.lookup = (hostnameReq: any, options: any, callback: any) => { - this.logger.info('custom lookup', hostnameReq, localRecords); + this.logger.info("custom lookup", hostnameReq, localRecords); if (localRecords[hostnameReq]) { - this.logger.info('local record', hostnameReq, localRecords[hostnameReq]); + this.logger.info("local record", hostnameReq, localRecords[hostnameReq]); callback(null, localRecords[hostnameReq].ip, 4); } else { dns.lookup(hostnameReq, options, callback); @@ -63,7 +78,7 @@ export class K8sClient { * @returns secretsList */ async getSecrets(opts: { namespace: string }) { - const namespace = opts.namespace || 'default'; + const namespace = opts.namespace || "default"; return await this.client.listNamespacedSecret(namespace); } @@ -73,9 +88,9 @@ export class K8sClient { * @returns {Promise<*>} */ async createSecret(opts: { namespace: string; body: V1Secret }) { - const namespace = opts.namespace || 'default'; + const namespace = opts.namespace || "default"; const created = await this.client.createNamespacedSecret(namespace, opts.body); - this.logger.info('new secrets:', opts.body); + this.logger.info("new secrets:", opts.body); return created.body; } 
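Review bot: Turning verification off in `init()` is silent and applies to every cluster returned by `kubeconfig.getClusters()`, so nothing in the task log shows that the kubeconfig credentials were sent to an API server whose certificate was not checked. Add a warning inside the loop, e.g. `this.logger.warn("TLS verification disabled for cluster", cluster.name);`, and compare with `=== true` rather than `== true`. The bare `// @ts-ignore` hides any future type error on that line; `// @ts-expect-error` followed by a short reason (presumably that the typings mark the property read-only) would be safer. On an exception the catch only logs, which leaves verification enabled, and that is the safe direction. The body of `init()` starts and ends outside this hunk.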
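Review bot: `this.logger.info("new secrets:", opts.body);` in `createSecret` writes the whole `V1Secret` to the log, and for a certificate deployer that body presumably carries the private key in `data` or `stringData`. This commit only changes the quoting on that line, so the behaviour predates it, but the line is on the new side and worth fixing here. Log identifying metadata only, for example `this.logger.info("new secret created:", opts.body?.metadata?.name, namespace);`.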
@@ -89,24 +104,24 @@ export class K8sClient { // } async patchSecret(opts: { namespace: string; secretName: string; body: V1Secret }) { - const namespace = opts.namespace || 'default'; + const namespace = opts.namespace || "default"; const secretName = opts.secretName; if (secretName == null) { - throw new Error('secretName 不能为空'); + throw new Error("secretName 不能为空"); } - this.logger.info('patch secret:', secretName, namespace); + this.logger.info("patch secret:", secretName, namespace); const oldSecret = await this.client.readNamespacedSecret(secretName, namespace); const newSecret = _.merge(oldSecret.body, opts.body); const res = await this.client.replaceNamespacedSecret(secretName, namespace, newSecret); - this.logger.info('secret updated'); + this.logger.info("secret updated"); return res.body; } async getIngressList(opts: { namespace: string }) { - const namespace = opts.namespace || 'default'; + const namespace = opts.namespace || "default"; const client = this.kubeconfig.makeApiClient(NetworkingV1Api); const res = await client.listNamespacedIngress(namespace); - this.logger.info('ingress list get:', res.body); + this.logger.info("ingress list get:", res.body); return res.body; } 
@@ -122,17 +137,17 @@ export class K8sClient { // } async patchIngress(opts: { namespace: string; ingressName: string; body: V1Ingress }) { - const namespace = opts.namespace || 'default'; + const namespace = opts.namespace || "default"; const ingressName = opts.ingressName; if (!ingressName) { - throw new Error('ingressName 不能为空'); + throw new Error("ingressName 不能为空"); } - this.logger.info('patch ingress:', ingressName, namespace); + this.logger.info("patch ingress:", ingressName, namespace); const client = this.kubeconfig.makeApiClient(NetworkingV1Api); const oldIngress = await client.readNamespacedIngress(ingressName, namespace); const newIngress = _.merge(oldIngress.body, opts.body); const res = await client.replaceNamespacedIngress(ingressName, namespace, newIngress); - this.logger.info('ingress patched', opts.body); + this.logger.info("ingress patched", opts.body); return res; } } diff --git a/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-tke-ingress/index.ts b/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-tke-ingress/index.ts index cd50e7ae..a1bac91c 100644 --- a/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-tke-ingress/index.ts +++ b/packages/ui/certd-server/src/plugins/plugin-tencent/plugin/deploy-to-tke-ingress/index.ts @@ -136,6 +136,18 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin { ingressName!: string | string[]; + @TaskInput({ + title: "忽略证书校验", + required: false, + helper: "是否忽略证书校验", + component: { + name: "a-switch", + vModel: "checked", + } + }) + skipTLSVerify!:boolean + + // @TaskInput({ title: "集群内网ip", helper: "如果开启了外网的话,无需设置" }) // clusterIp!: string; 
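Review bot: The `helper` text of the new `skipTLSVerify` input only restates the title, so the operator is not told what switching it on costs. With verification off, the kubeconfig credentials and the certificate being deployed go to an API server whose identity is not checked. The helper should say that, and recommend keeping the switch off whenever the cluster CA is available in the kubeconfig. Separately, the field is declared `skipTLSVerify!:boolean` while the input is `required: false`; `skipTLSVerify?: boolean;` would match what the task can actually receive, assuming no default is injected elsewhere.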
@@ -163,7 +175,8 @@ export class DeployCertToTencentTKEIngressPlugin extends AbstractTaskPlugin { this.logger.info("kubeconfig已成功获取"); const k8sClient = new this.K8sClient({ kubeConfigStr, - logger: this.logger + logger: this.logger, + skipTLSVerify: this.skipTLSVerify, }); // if (this.clusterIp != null) { // if (!this.clusterDomain) {