Helm in Argo CD does not use added self-signed CA for pulling Helm Charts #12371
Comments
Whether to skip certificate verification @crenshaw-dev |
Helm does support Edit: Even this is not working inside the repo pod:
This worked fine on my local machine, but my Helm version on my machine is quite recent. Helm in the argocd-repo-server pod:
my local version:
Maybe I should update Argo CD, but it is still an issue on how to set |
Anything I can do or help with? |
bump |
Having the same issue here, did you find a way to fix it @dan-m8t ? |
Unfortunately not yet, I tried the workaround mentioned in similar issues here with mounting the host's CA folder to Argo CD. No luck yet. I'm a little bit irritated that no developer answers :( |
I face the same issue. I also added the certificate to argocd as trusted; it is also mapped into the container correctly and can be found somewhere in app/config/tls/..data/. No workaround found so far. |
I tried everything and it is just an argocd thing that needs to be fixed at code level but I don't even know where to start. I added the TLS certificates to the pods, you can add the OCI harbor repo to argocd and it does login, but when it goes to do the pull it just fails with the certificate error, it isn't using the certificates and not using the insecure tls flag. |
bump |
#8508 seems to indicate it should have been fixed, but apparently not :/ |
I'm not well versed in Go and I don't know the codebase at all, but it seems that part of the fix would be to put the logic that injects the Lines 188 to 228 in 42bdb5a
in: Lines 231 to 240 in 42bdb5a
|
I was able to reproduce this issue, looks like it requires two things
|
Facing the same issue. |
This is still an issue even with v2.10.7. Been beating my head on this for a month. Updating the argocd-tls-certs-cm does nothing to fix this. Having to inject certificates into the container trust store doesn't seem like a sustainable fix. |
I'd say this needs to be reopened – we're experiencing the same issue on v2.9.3, the fixes are apparently part of v2.6.x. @crenshaw-dev – you closed this, maybe have a 2nd look? :) |
I have encountered this issue as well. I am using Argo 2.10 with declarative setup. |
I was able to fix this by mounting a config map that contained our certificate chain. I can supply the specifics hopefully tomorrow.
On Aug 7, 2024, at 09:15, Šimon Woidig ***@***.***> wrote:
I have encountered this issue as well. I am using Argo 2.10 with declarative setup.
I have added the CA cert to ArgoCD certificates. I also added the OCI registry as a repository. It shows a green mark next to it, meaning it was connected successfully.
I cannot create an app manually using this OCI repo - it just shows a TLS error. If I declare the application via the declarative method, it just shows it errored out.
See the images for more.
|
Seems like related to #19138. It mainly happens if helm repo is created using path in the URL. |
Checklist:
argocd version
Describe the bug
I am trying to use Harbor as an OCI-compliant Helm repository; the certificate of that registry is self-signed.
In the docs it is shown how to add and trust custom CAs. (either via cli or UI, I tried both)
When I try to roll out a Helm chart with a dependency pointing to Harbor, Argo CD throws a Helm error:
I tried to pull the above chart myself locally; I trusted the root CA of my Harbor and that just works fine.
To Reproduce
kubectl exec -t argocd-repo-server-xyz -- helm pull oci://myharbor.customtld/something/chart/whatever --version 1.0.11
Expected behavior
helm pull