You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Node(s) CPU architecture, OS, and Version:
Ubuntu
AMD
Cluster Configuration:
-1 node
example-repo-auth.yaml:
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
namespace: kube-system
name: example-app
spec:
targetNamespace: kube-system
createNamespace: true
version: v1.2.3
chart: example-app
repo: https://secure-repo.example.com
authSecret:
name: secret-tls2
# repoCAConfigMap:
# name: example-repo-ca
valuesContent: |-
image:
tag: v1.2.2
---
apiVersion: v1
kind: Secret
metadata:
namespace: kube-system
name: secret-tls3
type: kubernetes.io/tls
stringData:
# values are base64 encoded, which obscures them but does NOT provide
# any useful level of confidentiality
tls.crt: |
test
# In this example, the key data is not a real PEM-encoded private key
tls.key: |
test==
---
Steps to validate the fix
start k3s
Validate create auth with tls
Reproduction Issue:
$ k3s -v
k3s version v1.30.1+k3s-6e6f7995 (6e6f7995)
go version go1.22.2
k logs helm-install-example-app- -n kube-system
ERROR does not mention creation of TLS
Error: looks like "https://secure-repo.example.com" is not a valid chart repository or cannot be reached: Get "https://secure-repo.example.com/index.yaml": dial tcp: lookup secure-repo.example.com on 10.43.0.10:53: no such host
Validation Results:
kubectl create secret tls secret-tls2 --cert=client.crt --key=client.key -n kube-system
kubectl apply -f example-repo-auth.yaml
k logs helm-install-example-app- -n kube-system
ERROR mentioned that it tried to create TLS
Error: looks like "https://secure-repo.example.com" is not a valid chart repository or cannot be reached: can't create TLS config for client: can't load key pair from cert /auth/tls.crt and key /auth/tls.key: tls: failed to find any PEM data in certificate input
Currently the HelmChart
spec.authSecret
must be a Basic authentication Secret to auth to repos using username and password.We should add support for TLS Secrets to allow authenticating to chart repos using TLS Client Certificate Authentication.
The text was updated successfully, but these errors were encountered: