insecure_skip_tls_verify isn't respected in a given repositories.yaml
Describe the bug
Given the following repositories.yaml, the option insecure_skip_tls_verify: true is not respected when helm-operator fetches the charts from the repository.
apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
  certFile: ""
  insecure_skip_tls_verify: true
  keyFile: ""
  name: myawesomereponame
  password: myawesomepassword
  url: https://myawesomehelmrepo.com
  username: myawesomeuser
To Reproduce
Create a HelmRelease that fetches a chart from a repository with a certificate that's signed by an unknown authority (commonly a company internal CA).
Expected behavior
I expect insecure_skip_tls_verify to be a respected option when fetching the chart.
Logs
ts=2020-10-24T13:03:02.506603686Z caller=release.go:85 component=release release=myawesomerelease targetNamespace=myawesomenamespace resource=myawesomenamespace:helmrelease/myawesomerelease helmVersion=v3 error="failed to prepare chart for release: chart unavailable: looks like \"https://myawesomehelmrepo.com/\" is not a valid chart repository or cannot be reached: Get \"https://myawesomehelmrepo.com/index.yaml\": x509: certificate signed by unknown authority"
Additional context
- Helm Operator version: 1.2.0
- Kubernetes version: v1.17.3
- Git provider:
- Helm repository provider:
I believe this is because we are using Helm v3.1.2, as specified in go.mod (ref: https://github.com/fluxcd/helm-operator/blob/master/go.mod#L32). In v3.2.0, the InsecureSkipTLSverify field was added to Helm (ref: helm/helm@dc26128).
To fix this, we may have to update the dependency to v3.2.0.
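Added example, not part of the original issue and not Helm's or Helm Operator's code: a Go illustration of how a setting is ignored without any error when the config type has no field for it, and how strict decoding makes the dropped key visible. The `oldEntry` and `newEntry` types and the JSON rendering of the repository entry are hypothetical stand-ins, and the example assumes the config is decoded through struct tags with unknown keys dropped.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: the repository entry from the issue, rewritten as JSON
// so the example needs only the standard library.
const entryJSON = `{"name": "myawesomereponame", "url": "https://myawesomehelmrepo.com",
  "caFile": "", "insecure_skip_tls_verify": true}`

// oldEntry is a hypothetical entry type that predates the TLS-skip field.
type oldEntry struct {
	Name   string `json:"name"`
	URL    string `json:"url"`
	CAFile string `json:"caFile"`
}

// newEntry is the same hypothetical type with the field added.
type newEntry struct {
	Name                  string `json:"name"`
	URL                   string `json:"url"`
	CAFile                string `json:"caFile"`
	InsecureSkipTLSverify bool   `json:"insecure_skip_tls_verify"`
}

// survives decodes the sample into v, re-encodes v, and reports whether the
// insecure_skip_tls_verify key made it through the round trip.
func survives(v interface{}) (bool, error) {
	if err := json.Unmarshal([]byte(entryJSON), v); err != nil {
		return false, err
	}
	out, err := json.Marshal(v)
	return strings.Contains(string(out), "insecure_skip_tls_verify"), err
}

// strictDecode rejects keys the target type does not declare, turning a
// silently ignored setting into a visible error.
func strictDecode(v interface{}) error {
	dec := json.NewDecoder(strings.NewReader(entryJSON))
	dec.DisallowUnknownFields()
	return dec.Decode(v)
}

func main() {
	oldKept, _ := survives(&oldEntry{})
	newKept, _ := survives(&newEntry{})
	fmt.Println("old type keeps key:", oldKept, "| new type keeps key:", newKept)
	fmt.Println("strict decode, old type:", strictDecode(&oldEntry{}))
	fmt.Println("strict decode, new type:", strictDecode(&newEntry{}))
}
```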
Sorry if your issue remains unresolved. The Helm Operator is in maintenance mode, we recommend everybody upgrades to Flux v2 and Helm Controller.
A new release of Helm Operator is out this week, 1.4.4.
We will continue to support Helm Operator in maintenance mode for an indefinite period of time, and eventually archive this repository.
Please be aware that Flux v2 has a vibrant and active developer community who are actively working through minor releases and delivering new features on the way to General Availability for Flux v2.
In the meantime, this repo will still be monitored, but support is basically limited to migration issues only. I will have to close many issues today without reading them all in detail because of time constraints. If your issue is very important, you are welcome to reopen it, but due to staleness of all issues at this point a new report is more likely to be in order. Please open another issue if you have unresolved problems that prevent your migration in the appropriate Flux v2 repo.
Helm Operator releases will continue as possible for a limited time, as a courtesy for those who still cannot migrate yet, but these are strongly not recommended for ongoing production use as our strict adherence to semver backward compatibility guarantees limits many dependencies and we can only upgrade them so far without breaking compatibility. So there are likely known CVEs that cannot be resolved.
We recommend upgrading to Flux v2 which is actively maintained ASAP.
I am going to go ahead and close every issue at once today.
Thanks for participating in Helm Operator and Flux! 💚 💙