Comments (4)
In terms of the insecureSkipTLSVerify
option, looks like support for that was added to helm v3.12.0, and we're currently on v3.10.2 in this repo. So perhaps upgrading our dependency would make insecureSkipTLSVerify
start working 🤔
Are you interested in testing that out in your environment? 🙏
There may be further work to make end to end TLS work, but it's hard to tell what may be wrong there without setting up a specific repro environment that we have full control over - otherwise there's too many unknown variables in the environment for which this issue was opened in.
from provider-helm.
Thanks for looking into this @jbw976
So it looks like insecureSkipTLSVerify
works with http based helm registry, but never worked when using oci://
registry
@sujith1594 which registry you are using, is it based on an open source and could you provide how is it setup?
from provider-helm.
Hi @csantanapr, We are using Redhat Quay which is built on top of Openshift Cluster. Quay is an OCI Registry
from provider-helm.
I've got the same problem with Zot OCI registry:
forProvider:
chart:
name: scheduler
pullSecretRef:
name: ""
namespace: ""
repository: oci://zot.default.svc.cluster.local:5000/charts
version: 0.1.0
insecureSkipTLSVerify: true
The provider-helm Release returns this error:
Warning CannotCreateExternalResource 1s (x6 over 10s) managed/release.helm.crossplane.io failed to install release: failed to pull chart: failed to do request: Head "https://zot.default.svc.cluster.local:5000/v2/charts/scheduler/manifests/0.1.0": tls: failed to verify certificate: x509: certificate signed by unknown authority
My certificate has the proper FQDN and SAN but was signed by a self-signed root CA. I'm going to try with the cluster CA.
from provider-helm.
Related Issues (20)
- Ability to store secrets in vault
- On Helm release with the specified option pullSecretRef does not find the Secret in the namespace HOT 1
- Support aws s3 bucket as a helm repository HOT 8
- Establish Ownership and Visibility of Helm Resources in ArgoCD via OwnerReferences HOT 2
- Passing args to configure the Helm provider package to configure the controller and be more verbose HOT 2
- make: *** No rule to make target `local.up', needed by `local-dev'. Stop. HOT 3
- Retry should be enabled by default HOT 1
- Add Proxy Support
- howto debugging reconciling loop HOT 1
- Installation of provider-helm fails with "resource name may not be empty" in air-gapped environment. HOT 1
- Add x-kubernetes-map-type: granular to release values to support serve side apply
- identity section for AzureAD auth in ProviderConfig should not be processed when the supplied kubeconfig does not require AzureAD auth
- Enable support for Management Policies in Helm Provider HOT 1
- What is the purpose of putting an `*` as an option in an enum?? HOT 2
- Drop v1alpha1 or add conversion webhooks HOT 13
- Release Ready status should be aggregation of readines of object deployed within a release
- Observe data from resources created by Release object
- ProviderConfig does not support "InjectedIdentity" as `source.identity`
- Rollback feature doesn't work as expected.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from provider-helm.