--insecure-skip-tls-verify not working

[cdprete]

What happened?

The --insecure-skip-tls-verify seems to not work when helm is used to install/upgrade a release on a cluster.

What did you expect to happen?

The TLS verification should be skipped also when installing/upgrading a release.

How can we reproduce it (as minimally and precisely as possible)?

$ helm upgrade "$RELEASE_NAME" "$CHART_PATH" --atomic -i --insecure-skip-tls-verify --namespace "$NAMESPACE_NAME" --kube-apiserver "$CI_ENVIRONMENT_URL" --kube-token "$OCP_DEPLOYER_TOKEN" -f "$CHART_PATH/environments/values-$ENV.yaml"

Error: Kubernetes cluster unreachable: Get "https://kubernetes.default:443/version": tls: failed to verify certificate: x509: certificate signed by unknown authority

Helm version

Details

version.BuildInfo{Version:"v3.18.6", GitCommit:"b76a950f6835474e0906b96c9ec68a2eff3a6430", GitTreeState:"clean", GoVersion:"go1.24.6"}

Kubernetes version

Details

There is no kubectl in the Alpine Docker image I'm using.

[banjoh]

From helm --help output

$ helm upgrade -h | grep insecure
      --insecure-skip-tls-verify                   skip tls certificate checks for the chart download
      --plain-http                                 use insecure HTTP connections for the chart download
      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure

I think you are looking for --kube-insecure-skip-tls-verify. --insecure-skip-tls-verify is used when connecting to chart repositories or OCI registries

[cdprete]

Oh, I missed that completely. My bad then if the other flag does what I expect to.

[cdprete]

@banjoh indeed it works. Thanks for the hint.

[banjoh]

Not a problem at all @cdprete. Am glad that helped