fluxcd / helm-operator

Successor: https://github.com/fluxcd/helm-controller — The Flux Helm Operator, once upon a time a solution for declarative Helming.

Home Page:https://docs.fluxcd.io/projects/helm-operator/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

insecure_skip_tls_verify isn't respected in a given repositories.yaml

opened this issue · comments

Describe the bug

Given the following repositories.yaml, the option insecure_skip_tls_verify: true is not respected when helm-operator fetches the charts from the repository.

apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
  certFile: ""
  insecure_skip_tls_verify: true
  keyFile: ""
  name: myawesomereponame
  password: myawesomepassword
  url: https://myawesomehelmrepo.com
  username: myawesomeuser

To Reproduce

Create a HelmRelease that fetches a chart from a repository with a certificate that's signed by an unknown authority. ( commonly a company internal CA ).

Expected behavior

I expect insecure_skip_tls_verify to be a respected option when fetching the chart.

Logs

ts=2020-10-24T13:03:02.506603686Z caller=release.go:85 component=release release=myawesomerelease targetNamespace=myawesomenamespace resource=myawesomenamespace:helmrelease/myawesomerelease helmVersion=v3 error="failed to prepare chart for release: chart unavailable: looks like \"https://myawesomehelmrepo.com/\" is not a valid chart repository or cannot be reached: Get \"https://myawesomehelmrepo.com/index.yaml\": x509: certificate signed by unknown authority"

Additional context

  • Helm Operator version: 1.2.0
  • Kubernetes version: v1.17.3
  • Git provider:
  • Helm repository provider:

I believe this is because we are using Helm v3.1.2, as specified in go.mod (ref: https://github.com/fluxcd/helm-operator/blob/master/go.mod#L32). In v3.2.0, the InsecureSkipTLSverify field was added to Helm (ref: helm/helm@dc26128).

To fix this, we may have to update the dependency to v3.2.0.

Sorry if your issue remains unresolved. The Helm Operator is in maintenance mode, we recommend everybody upgrades to Flux v2 and Helm Controller.

A new release of Helm Operator is out this week, 1.4.4.

We will continue to support Helm Operator in maintenance mode for an indefinite period of time, and eventually archive this repository.

Please be aware that Flux v2 has a vibrant and active developer community who are actively working through minor releases and delivering new features on the way to General Availability for Flux v2.

In the mean time, this repo will still be monitored, but support is basically limited to migration issues only. I will have to close many issues today without reading them all in detail because of time constraints. If your issue is very important, you are welcome to reopen it, but due to staleness of all issues at this point a new report is more likely to be in order. Please open another issue if you have unresolved problems that prevent your migration in the appropriate Flux v2 repo.

Helm Operator releases will continue as possible for a limited time, as a courtesy for those who still cannot migrate yet, but these are strongly not recommended for ongoing production use as our strict adherence to semver backward compatibility guarantees limit many dependencies and we can only upgrade them so far without breaking compatibility. So there are likely known CVEs that cannot be resolved.

We recommend upgrading to Flux v2 which is actively maintained ASAP.

I am going to go ahead and close every issue at once today,
Thanks for participating in Helm Operator and Flux! 💚 💙