-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] hostname mismatch error when using a helm repository URL that redirects to another URL in a cluster behind a proxy using self-signed certs #1219
Comments
Hi, I'm assuming that the certificate that you're setting here is of the proxy server and not of the upstream chart index host. We don't have support for proxy configuration in HelmRepository API. The recommended way at present is to set the proxy configuration in the environment variables, refer https://fluxcd.io/flux/installation/configuration/proxy-setting/#using-https-proxy-for-egress-traffic. Since bitnami started publishing OCI helm charts, just as an experiment, you can try pulling an OCI helm chart using the OCIRepository resource, which has a apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: bitnami-common
namespace: default
spec:
interval: 1m
url: oci://registry-1.docker.io/bitnamicharts/common
ref:
tag: 2.9.1
insecure: true And then check if the object is ready in its status. Any failure would also be reported on the object status. Although this won't allow you to install the helm chart, if this works for you, HelmRepository OCI with insecure support will also work for you whenever that gets implemented. Hope this helps. |
Describe the Bug
We have a Kubernetes cluster behind a mitmproxy running in transparent mode that uses self-signed certs.
Created a HelmRepository CR of version source.toolkit.fluxcd.io/v1beta2 and a secret to refer to the proxy certificate.
The URL https://charts.bitnami.com/bitnami/index.yaml redirects to https://repo.vmware.com/bitnami-files/index.yaml.
The source controller fails to reconcile the HelmRepository with the error
failed to fetch Helm repository index: failed to cache index to temporary file: failed to fetch https://charts.bitnami.com/bitnami/index.yaml : 502 Bad Gateway
On the mitmproxy, we are seeing the error
Certificate verify failed: hostname mismatch
When we dug deeper we saw on line(in the latest version of the code)
source-controller/internal/helm/getter/getter.go
Line 102 in af854cf
Source Controller Version
1.1.0 (latest)
The text was updated successfully, but these errors were encountered: