Description of problem:

Cluster is facing the same issue described in GITOPS-3811. It has since been updated to GitOps 1.12.0, but is still facing the same issue with helm pulls failing on grounds of a self-signed certificate. Manually curling with the cert completes the connection; issue appears to be with helm

Workaround

No known workaround as of now.

Prerequisites (if any, like setup, operators/versions):

• OpenShift 4.13.28
• GitOps 1.12.0
• Quay registry holding Helm chart

Steps to Reproduce

1. Install 4.13.28 cluster
2. Install GitOps 1.12.0
3. Install an application using a helm chart deployed to a Quay registry

Actual results:

Application fails to pull helm chart, citing this error:

Unable to save changes: application spec for identity-upgrade is invalid: InvalidSpecError: Unable to generate manifests in : rpc error: code = Unknown desc = `helm pull oci://registry.apps.example.com/helm/app-template --version 3.0.2 --destination /tmp/aa0406be-3480-4509-a84d-dc735d9254dc` failed exit status 1: Error: failed to do request: Head "
https://registry.apps.example.com/v2/helm/app-template/manifests/3.0.2":
tls: failed to verify certificate: x509: certificate signed by unknown authority

Expected results:

Helm pull succeeds.

Reproducibility (Always/Intermittent/Only Once):

Always in customer cluster.