weave-gitops
Profiles API should take custom TLS config into account
Providing further context on https://github.com/weaveworks/weave-gitops/pull/1148#pullrequestreview-821572298.
The current state of the PR constructs a ChartPathOption in pkg/helm/charts.go in which the username and password from the HelmRepository referenced Secret are consumed. While this may be sufficient for most simple configurations that are behind a basic auth, it will not work for remote repositories with e.g. a self-signed certificate (or other custom TLS requirements).
To solve this, the certificates, if present, should be extracted from the Secret to e.g. temporary files (example: https://github.com/fluxcd/source-controller/blob/main/internal/helm/getter/getter.go#L29), and these file paths should then be passed on to ChartPathOptions.
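A sketch of the extraction step the issue describes, added here as an example; it is not code from weave-gitops or from Flux's source-controller. `WriteTLSFiles` and `TLSFiles` are hypothetical names, the Secret keys `certFile`, `keyFile` and `caFile` are assumed to follow the Flux HelmRepository convention, and the returned paths are meant for the `CertFile`, `KeyFile` and `CaFile` fields of Helm's `ChartPathOptions`.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"os"
	"path/filepath"
)

// TLSFiles holds paths for Helm's ChartPathOptions fields CertFile, KeyFile, CaFile.
type TLSFiles struct{ CertFile, KeyFile, CaFile string }

// WriteTLSFiles (hypothetical helper) writes a Secret's TLS entries (assumed keys:
// certFile, keyFile, caFile) to a private temp dir; the caller must run cleanup.
func WriteTLSFiles(data map[string][]byte) (TLSFiles, func(), error) {
	noop := func() {}
	cert, key, ca := data["certFile"], data["keyFile"], data["caFile"]
	if (len(cert) == 0) != (len(key) == 0) {
		return TLSFiles{}, noop, fmt.Errorf("certFile and keyFile must be set together")
	}
	if len(ca) > 0 && !x509.NewCertPool().AppendCertsFromPEM(ca) {
		return TLSFiles{}, noop, fmt.Errorf("caFile holds no valid PEM certificate")
	}
	if len(cert) == 0 && len(ca) == 0 {
		return TLSFiles{}, noop, nil // no custom TLS configured in the Secret
	}
	dir, err := os.MkdirTemp("", "helm-tls-") // MkdirTemp creates the dir with mode 0700
	if err != nil {
		return TLSFiles{}, noop, err
	}
	write := func(name string, pem []byte) string {
		if len(pem) == 0 || err != nil {
			return "" // entry absent, or an earlier write already failed
		}
		p := filepath.Join(dir, name)
		err = os.WriteFile(p, pem, 0o600) // key material: owner read/write only
		return p
	}
	f := TLSFiles{write("cert.pem", cert), write("key.pem", key), write("ca.pem", ca)}
	if err != nil {
		os.RemoveAll(dir) // do not leave partial key material behind
		return TLSFiles{}, noop, err
	}
	return f, func() { os.RemoveAll(dir) }, nil
}

func main() {
	_, _, err := WriteTLSFiles(map[string][]byte{"certFile": []byte("constructed")})
	fmt.Println("cert without key rejected:", err != nil)
}
```

The cleanup function should be deferred by the caller right after a successful call, so the client key is removed once the chart has been fetched.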
We should use the same approach as Flux has done in the URL linked to by @hiddeco.
@hiddeco would you be open to a PR to move that from internal/ so it could be reused?
Happy to have that specific (sub)module moved somewhere where it's publicly available, but would like to keep all of the other Helm code hidden behind internal, as it is very specifically designed for the quirks we have to work around within the context of the source-controller (without having to serve or think of other dependants).
To not couple this code base to the whole controller, it might be best to move it into fluxcd/pkg[/helm?], which would allow us to publish it as a standalone module.
@bigkevmcd @hiddeco is the PR to move code from internal a blocker for this ticket?