eks-anywhere
import-images command failed when using plain http local registry
What happened:
When running the `eksctl anywhere import-images` command, we also push the cilium chart to the OCI local registry through Helm v3 with `helm push`. The command fails when the local registry is a plain HTTP service with no TLS. There is an open upstream helm issue, https://github.com/helm/helm/issues/6324, that helm does not support insecure registries (HTTP or HTTPS with a self-signed certificate) yet. The EKS-A team has a custom build with some patches to enable the `--insecure-skip-tls-verify` and `--plain-http` options in our custom helm build: https://github.com/aws/eks-anywhere-build-tooling/blob/main/projects/helm/helm/patches/0001-Insecure-flag-for-oci-push-pull-install.patch#L36. `--insecure-skip-tls-verify` is currently being used in EKS-A CLI code when pushing the chart to OCI: https://github.com/aws/eks-anywhere/blob/main/pkg/executables/helm.go#L80, but not `--plain-http`.
What you expected to happen:
We might need to introduce a new field in `RegistryMirrorConfiguration` and give the user the option to set `plainHttp: true`, so that we can pass it down to the `helm push` cmd when we push the chart to the registry. Or have the capability to detect whether the local registry is an http or https server, and automatically determine the arguments used for helm.
How to reproduce it (as minimally and precisely as possible):
Configure the cluster spec file with a plain HTTP local registry and run `eksctl anywhere import-images -f cluster.yaml`:

```yaml
registryMirrorConfiguration:
  endpoint: 1.2.3.4
  port: 5000 # http port
```
Anything else we need to know?:
Environment:
- EKS Anywhere Release: v0.9
- EKS Distro Release:
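
A sketch of the detection option raised above, as an added example that is not EKS Anywhere or helm code: it probes the registry with one verified TLS handshake and maps the result to the two flags named in this issue. `requiredFlag`, `pushArgs`, the opt-in map and the loopback address are assumptions made for illustration; the example also assumes a weakening flag should be passed only when the cluster spec enables it, and it needs Go 1.20 or later.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"time"
)

const ( // flags from the custom helm build named in the issue
	flagSkipVerify = "--insecure-skip-tls-verify"
	flagPlainHTTP  = "--plain-http"
)

// requiredFlag (hypothetical) does one verified TLS handshake to addr (host:port); "" means none needed.
func requiredFlag(addr string, roots *x509.CertPool) (string, error) {
	d := &net.Dialer{Timeout: 3 * time.Second}
	conn, err := tls.DialWithDialer(d, "tcp", addr, &tls.Config{RootCAs: roots})
	if err == nil {
		conn.Close()
		return "", nil
	}
	var rec tls.RecordHeaderError            // peer's first bytes were not a TLS record
	var cv *tls.CertificateVerificationError // Go 1.20+
	if errors.As(err, &rec) && string(rec.RecordHeader[:]) == "HTTP/" {
		return flagPlainHTTP, nil
	}
	if errors.As(err, &cv) {
		return flagSkipVerify, nil
	}
	return "", err // unreachable or unknown protocol: report it, do not guess
}

// pushArgs (hypothetical) passes a weakening flag on only when the cluster spec opted in,
// e.g. via the proposed plainHttp field, so a downgraded endpoint cannot alter the push silently.
func pushArgs(flag string, optedIn map[string]bool) ([]string, error) {
	if flag == "" {
		return nil, nil
	}
	if !optedIn[flag] {
		return nil, fmt.Errorf("registry needs %s, which the cluster spec does not enable", flag)
	}
	return []string{flag}, nil
}

func main() {
	fmt.Println(requiredFlag("127.0.0.1:5000", nil)) // constructed address
}
```

Passing `nil` for `roots` uses the system trust store; a private CA bundle can be supplied instead so that a correctly configured internal registry needs no flag at all.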