Giter VIP home page Giter VIP logo

Comments (3)

makhov avatar makhov commented on August 17, 2024

Hello, the detective agency "Mandelbug" is here!

This is an interesting case, where everyone is a murderer.

Let's restore the sequence of events:

  • Helm maintainers for an unknown reason add a check for the server name to the TLSConfig in case the InsecureSkipVerify flag is set. Probably, they thought that it helps with security (it's not)
  • We, introducing the helm feature, for some reason (probably for testing purposes) added the InsecureSkipVerify: true and never changed that.
  • Bitnami creates a very popular helm chart repository
  • VMware buys Bitnami
  • Broadcom buys VMware
  • And finally last week Broadcom decided to move the Bitnami repository to the repo.broadcom.com domain using a redirect.

Obviously, a redirect with a pinned Server Name won't work properly, and our poor k0s helm deployer dies fails to add the repo.

As usual, casualties could have been avoided, but the fix has been open for 3 years and has never been merged.

We'll think about how we can fix the issue on the k0s side and will try to push the helm upstream to merge the fix on their side.

As a workaround, you can use https://repo.broadcom.com/bitnami-files as a Bitnami repo URL.

from k0s.

twz123 avatar twz123 commented on August 17, 2024

This is triggered by --insecure-skip-tls-verify, which k0s sets by default, unfortunately.

Reproducer using the Helm CLI:

$ helm repo add bitnami https://charts.bitnami.com/bitnami --force-update --insecure-skip-tls-verify
Error: looks like "https://charts.bitnami.com/bitnami" is not a valid chart repository or cannot be reached: Get "https://repo.broadcom.com/bitnami-files/index.yaml": remote error: tls: handshake failure

The upstream Helm issue:

and the Pull Request addressing this:

from k0s.

twz123 avatar twz123 commented on August 17, 2024

When #4660 gets released, you should be able to use the following to circumvent the problem:

apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
metadata:
  name: k0s
spec:
  # [...]
  extensions:
    helm:
      repositories:
      - name: bitnami
        url: https://charts.bitnami.com/bitnami
        insecure: false
  # [...]

from k0s.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.