Open sujith1594 opened 8 months ago
In terms of the insecureSkipTLSVerify option, looks like support for that was added to helm v3.12.0, and we're currently on v3.10.2 in this repo. So perhaps upgrading our dependency would make insecureSkipTLSVerify start working 🤔
Are you interested in testing that out in your environment? 🙏
There may be further work to make end-to-end TLS work, but it's hard to tell what may be wrong there without setting up a specific repro environment that we have full control over - otherwise there are too many unknown variables in the environment in which this issue was opened.
Thanks for looking into this @jbw976
So it looks like insecureSkipTLSVerify works with http based helm registry, but never worked when using oci:// registry
@sujith1594 which registry are you using? Is it based on open source, and could you share how it is set up?
Hi @csantanapr, we are using Red Hat Quay, which is built on top of an OpenShift cluster. Quay is an OCI registry.
I've got the same problem with Zot OCI registry:
forProvider:
  chart:
    name: scheduler
    pullSecretRef:
      name: ""
      namespace: ""
    repository: oci://zot.default.svc.cluster.local:5000/charts
    version: 0.1.0
  insecureSkipTLSVerify: true
The provider-helm Release returns this error:
Warning CannotCreateExternalResource 1s (x6 over 10s) managed/release.helm.crossplane.io failed to install release: failed to pull chart: failed to do request: Head "https://zot.default.svc.cluster.local:5000/v2/charts/scheduler/manifests/0.1.0": tls: failed to verify certificate: x509: certificate signed by unknown authority
My certificate has the proper FQDN and SAN but was signed by a self-signed root CA. I'm going to try with the cluster CA.
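Added example, not part of the thread and not provider-helm's code: Go's crypto/x509 returns the error quoted above whenever the issuing CA is missing from the verifier's root pool, and the same certificate verifies once that CA is added, with chain and host-name checks still active. The CA and server certificate are constructed in memory, and the helper names `issue` and `verify` are hypothetical; only the host name comes from the error message.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate; a nil parent yields a self-signed root CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil { // root CA: signs itself and may sign other certificates
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	} else { // server certificate carrying the registry name as its SAN
		t.DNSNames, t.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der)
	if err = errors.Join(err, perr); err != nil {
		panic(err)
	}
	return cert, key
}

// verify validates leaf for host with only cas as trusted roots; unknownCA flags the error seen in this issue.
func verify(host string, leaf *x509.Certificate, cas ...*x509.Certificate) (unknownCA bool, err error) {
	roots := x509.NewCertPool() // non-nil pool: system roots are not consulted
	for _, ca := range cas {
		roots.AddCert(ca)
	}
	_, err = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return errors.As(err, new(x509.UnknownAuthorityError)), err
}

func main() {
	const host = "zot.default.svc.cluster.local" // registry name from the error above
	ca, caKey := issue("constructed root CA", nil, nil)
	leaf, _ := issue(host, ca, caKey)
	fmt.Println(verify(host, leaf))     // issuing CA absent from the root pool
	fmt.Println(verify(host, leaf, ca)) // issuing CA added to the root pool
}
```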
What happened?
I'm trying to create a Helm Release using helm-provider, but I'm getting "Certificate Signed by Unknown authority" even after adding "insecureSkipTLSVerify: true". Can someone help me with how to fix the cert issue, or how I can skip the TLS verification?
How can we reproduce it?
What environment did it happen in?
Crossplane version: 1.13.2
kubectl version: 1.25