Add `.spec.insecureSkipVerify` to `HelmRepository` for type: `oci` by unai-ttxu · Pull Request #1345 · fluxcd/source-controller
Conversation
Allow connecting to Helm OCI HTTPs repositories without verifying the server's certificate chain and host name.
Example:
apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: myhelmrepo namespace: default spec: type: oci interval: 1h insecureSkipVerify: true url: oci://my-self-signed-helm-repo-url:5000/charts
Signed-off-by: Unai Arrien <unaittxu@gmail.com>
Signed-off-by: Unai Arrien <unaittxu@gmail.com>
To work with self-signed certs you can provide the CA to Flux, please see https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference
For security reasons, we decided to not have
insecureSkipVerifyanywhere in Flux controllers.
Hi @stefanprodan, thank you so much for the comment!
I thought it'd be a nice feature to be able to configure self-signed Helm registries without handling the self-signed CA certificates, specially in development environments. But I understand your decision since it's not a good practice.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
2 participants