-
Notifications
You must be signed in to change notification settings - Fork 872
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] Trust self signed certificate on private helm repo, docker registry, addon registry #4122
Comments
possible solution: add one boolean argument for api-server, if it is true, let api-sever skip TLS check. |
Since we should support this in cli side too. An option when add registry is proper. eg: vela addon registry addon xxx --skipInsecureTls=true |
Or whether it can support private ca at the same time. cli use vela addon registry add vela-private --caCert ${userDir}/ca.crt |
|
Yes |
I understand the reason for this support, can you assign this issue to me |
@TIEDPAG Assigned , you can also assign by yourself with the comment |
Signed-off-by: damianqin <damianqin@tiedpag.club>
Signed-off-by: damianqin <damianqin@tiedpag.club>
What about storing the certificate in the registry config? Just like username and password does. When the user wants to access the registry, the certificate is automatically loaded. |
Yes. That should be good experience |
Signed-off-by: damianqin <damianqin@tiedpag.club>
Signed-off-by: damianqin <damianqin@tiedpag.club>
* Feat: support addon helm repo skip tls verify (#4122) Signed-off-by: damianqin <damianqin@tiedpag.club> * Fix: mv http server to BeforeSuite Signed-off-by: damianqin <damianqin@tiedpag.club> * Fix: fix ci error Signed-off-by: damianqin <damianqin@tiedpag.club> * Fix: fix merge Signed-off-by: damianqin <damianqin@tiedpag.club> * Feat: support addon helm repo skip tls verify (#4122) Signed-off-by: damianqin <damianqin@tiedpag.club> * Fix: mv http server to BeforeSuite Signed-off-by: damianqin <damianqin@tiedpag.club> * Fix: fix ci error Signed-off-by: damianqin <damianqin@tiedpag.club> * Fix: fix ci Signed-off-by: damianqin <damianqin@tiedpag.club> Co-authored-by: damianqin <damianqin@tiedpag.club> Co-authored-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>
Is your feature request related to a problem? Please describe.
Our internal helm docker registry , tls is self signed, when we add to kubevela, it will be failed with below error, we would like kubevela supports self signed certificate
Found 1 errors. [(download index file from https://github.systems/raw/test/helm-chats/master/addons failure Get "https://github.systems/raw/test/helm-chats/master/addons/index.yaml": x509: certificate signed by unknown authority)]
Describe the solution you'd like
Describe alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: