carvel-dev / vendir

Easy way to vendor portions of git repos, github releases, helm charts, docker image contents, etc. declaratively
https://carvel.dev/vendir
Apache License 2.0

Feature request: add option for skipping SSL verification when using Git #260

Closed alexandreroman closed 11 months ago

alexandreroman commented 1 year ago

Describe the problem/challenge you have

vendir has no option for setting GIT_SSL_NO_VERIFY=true, which could be used with Git repos using a self-signed certificate. This environment variable tells Git not to verify SSL certificates.

Describe the solution you'd like

The current implementation already sets a few environment variables when using Git, such as GIT_LFS_SKIP_SMUDGE=1 to skip downloading lfs files.

I wish there was a way to disable SSL verification when using Git, by adding a flag in the Git configuration.

For example:

git:
  url: https://github.com/cloudfoundry/cf-k8s-networking
  ref: origin/master
  # skip SSL verification
  skipSslVerification: true

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible" 👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

neil-hickey commented 1 year ago

Thanks for submitting this issue @alexandreroman, would you be interested in making a PR with the change?

alexandreroman commented 1 year ago

I'm not into Go, but I'm happy to help with testing when you get something ready.

vmunishwar commented 1 year ago

Response from @alexandreroman - The problem is: I ran into this issue with my customer when using kapp-controller (through TAP namespace-provisioner) and a private Git repo with a self-signed certificate. Ultimately we’d need to add a setting in kapp-controller to skip TLS validation for Git repos - maybe using the flag dangerousSkipTLSVerify?

As per the above message, it seems like we need to implement this in kapp-controller.

alexandreroman commented 1 year ago

Correct: from a user perspective, kapp-controller will have to configure vendir to skip TLS verification (this is my use case). Reusing the existing flag dangerousSkipTLSVerify would be great.

vmunishwar commented 1 year ago

@alexandreroman - Here is the PR (https://github.com/carvel-dev/vendir/pull/265) for adding an option for skipping SSL verification when using Git. I have merged this PR to develop. This feature should be available with the next release of vendir.

joaopapereira commented 11 months ago

Fixed in release v0.36.0
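
The mechanism requested in this thread, as an added example (not vendir's own code and not taken from the PR): a per-repository flag turned into environment variables for a single git subprocess, so that TLS verification is skipped only for the repository that asks for it. `GitOpts`, `gitEnv` and `newGitCmd` are hypothetical names, the URL is a placeholder, and the field name follows the `dangerousSkipTLSVerify` suggestion made above.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// GitOpts is a hypothetical per-repository config (assumption, not vendir's type).
type GitOpts struct {
	URL                    string
	DangerousSkipTLSVerify bool
}

// gitEnv builds the environment for one git subprocess. An inherited
// GIT_SSL_NO_VERIFY is dropped, so verification is disabled only when this
// repository's own config explicitly asks for it.
func gitEnv(parent []string, opts GitOpts) []string {
	env := make([]string, 0, len(parent)+2)
	for _, kv := range parent {
		if strings.HasPrefix(kv, "GIT_SSL_NO_VERIFY=") {
			continue
		}
		env = append(env, kv)
	}
	// Variable the issue says is already set when running git.
	env = append(env, "GIT_LFS_SKIP_SMUDGE=1")
	if opts.DangerousSkipTLSVerify {
		env = append(env, "GIT_SSL_NO_VERIFY=true")
	}
	return env
}

// newGitCmd scopes the environment to this one invocation instead of
// changing the process-wide environment with os.Setenv.
func newGitCmd(opts GitOpts, args ...string) *exec.Cmd {
	cmd := exec.Command("git", args...)
	cmd.Env = gitEnv(os.Environ(), opts)
	return cmd
}

func main() {
	// Placeholder URL, constructed for this example.
	opts := GitOpts{URL: "https://git.example.internal/team/repo", DangerousSkipTLSVerify: true}
	cmd := newGitCmd(opts, "ls-remote", opts.URL)
	fmt.Println(cmd.Args, cmd.Env[len(cmd.Env)-1])
}
```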