[Feature] Trust self signed certificate on private helm repo, docker registry, addon registry

[jinnjwu]

Is your feature request related to a problem? Please describe.

Our internal helm docker registry , tls is self signed, when we add to kubevela, it will be failed with below error, we would like kubevela supports self signed certificate
Found 1 errors. [(download index file from https://github.systems/raw/test/helm-chats/master/addons failure Get "https://github.systems/raw/test/helm-chats/master/addons/index.yaml": x509: certificate signed by unknown authority)]

Describe the solution you'd like

Describe alternatives you've considered

Additional context

[StevenLeiZhang]

possible solution: add one boolean argument for api-server, if it is true, let api-sever skip TLS check.

[wangyikewxgm]

possible solution: add one boolean argument for api-server, if it is true, let api-sever skip TLS check.

Since we should support this in cli side too. An option when add registry is proper. eg:

vela addon registry addon xxx --skipInsecureTls=true

[TIEDPAG]

Or whether it can support private ca at the same time. cli use

vela addon registry add vela-private --caCert ${userDir}/ca.crt

[StevenLeiZhang]

Or whether it can support private ca at the same time. cli use

vela addon registry add vela-private --caCert ${userDir}/ca.crt

1. vela may connect multiple private TLS endpoints, if that user need specify ca.crt for every endpoint.
2. the private TLS endpoint may be setup by another team, so vela admin does not have ca.crt

[StevenLeiZhang]

possible solution: add one boolean argument for api-server, if it is true, let api-sever skip TLS check.

Since we should support this in cli side too. An option when add registry is proper. eg:

vela addon registry addon xxx --skipInsecureTls=true

Yes

[TIEDPAG]

possible solution: add one boolean argument for api-server, if it is true, let api-sever skip TLS check.

Since we should support this in cli side too. An option when add registry is proper. eg:

vela addon registry addon xxx --skipInsecureTls=true

Yes

I understand the reason for this support, can you assign this issue to me

[wonderflow]

@TIEDPAG Assigned , you can also assign by yourself with the comment /assign

[charlie0129]

1. vela may connect multiple private TLS endpoints, if that user need specify ca.crt for every endpoint.

What about storing the certificate in the registry config? Just like username and password does. When the user wants to access the registry, the certificate is automatically loaded.

[wonderflow]

1. vela may connect multiple private TLS endpoints, if that user need specify ca.crt for every endpoint.

What about storing the certificate in the registry config? Just like username and password does. When the user wants to access the registry, the certificate is automatically loaded.

Yes. That should be good experience