Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-4587

Helm pull against OCI registry (still) failing

XMLWordPrintable

    • False
    • None
    • False

      Description of problem:

      Cluster is facing the same issue described in GITOPS-3811. It has since been updated to GitOps 1.12.0, but is still facing the same issue with helm pulls failing on grounds of a self-signed certificate. Manually curling with the cert completes the connection; issue appears to be with helm

      Workaround

      No known workaround as of now.

      Prerequisites (if any, like setup, operators/versions):

      • OpenShift 4.13.28
      • GitOps 1.12.0
      • Quay registry holding Helm chart

      Steps to Reproduce

      1. Install 4.13.28 cluster
      2. Install GitOps 1.12.0
      3. Install an application using a helm chart deployed to a Quay registry

      Actual results:

      Application fails to pull helm chart, citing this error:

      Unable to save changes: application spec for identity-upgrade is invalid: InvalidSpecError: Unable to generate manifests in : rpc error: code = Unknown desc = `helm pull oci://registry.apps.example.com/helm/app-template --version 3.0.2 --destination /tmp/aa0406be-3480-4509-a84d-dc735d9254dc` failed exit status 1: Error: failed to do request: Head "
      https://registry.apps.example.com/v2/helm/app-template/manifests/3.0.2":
      tls: failed to verify certificate: x509: certificate signed by unknown authority

      Expected results:

      Helm pull succeeds.

      Reproducibility (Always/Intermittent/Only Once):

      Always in customer cluster.

              rh-ee-sghadi Siddhesh Ghadi
              rhn-support-jorbell Jordan Bell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: