
Add `.spec.insecureSkipVerify` to `HelmRepository` for type: `oci`

Open unai-ttxu opened this issue 1 year ago • 2 comments

Allow connecting to Helm OCI HTTPS repositories without verifying the server's certificate chain and host name.

Example:

```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: myhelmrepo
  namespace: default
spec:
  type: oci
  interval: 1h
  insecureSkipVerify: true
  url: oci://my-self-signed-helm-repo-url:5000/charts
```

unai-ttxu avatar Jan 24 '24 18:01 unai-ttxu

To work with self-signed certs you can provide the CA to Flux, please see https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference

For security reasons, we decided to not have insecureSkipVerify anywhere in Flux controllers.

stefanprodan avatar Jan 24 '24 23:01 stefanprodan
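The CA-based setup recommended in the comment above, sketched as an added example (not part of the thread and not the Flux project's own manifest). The Secret name `myhelmrepo-ca` and the certificate body are placeholders, and it assumes a source-controller version that supports `certSecretRef` for `type: oci`, as the linked documentation describes.

```yaml
# Added example. "myhelmrepo-ca" is a hypothetical name; the PEM body is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: myhelmrepo-ca
  namespace: default          # same namespace as the HelmRepository
type: Opaque
stringData:
  # PEM of the CA that signed the registry's certificate. For a
  # self-signed server certificate, that certificate itself.
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: PEM body of your CA certificate>
    -----END CERTIFICATE-----
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: myhelmrepo
  namespace: default
spec:
  type: oci
  interval: 1h
  url: oci://my-self-signed-helm-repo-url:5000/charts
  # Trust only the CA in the Secret above; no verification is disabled.
  certSecretRef:
    name: myhelmrepo-ca
```

Certificate chain and host name verification stay enabled with this setup, so the registry's certificate needs a subject alternative name matching the host in `url`.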

> To work with self-signed certs you can provide the CA to Flux, please see https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference
>
> For security reasons, we decided to not have insecureSkipVerify anywhere in Flux controllers.

Hi @stefanprodan, thank you so much for the comment!

I thought it'd be a nice feature to be able to configure self-signed Helm registries without handling the self-signed CA certificates, especially in development environments. But I understand your decision since it's not a good practice.

unai-ttxu avatar Jan 25 '24 08:01 unai-ttxu