From 8b8e96444e0c4ef805c3daa06aa56f261f50cfc6 Mon Sep 17 00:00:00 2001 From: Kevin Boisits Date: Fri, 6 Jun 2025 21:00:14 -0500 Subject: [PATCH 1/3] Add the ability to skip verifying the TLS cert for s3 storage Allow using self signed cert on S3 storage used --- README.md | 1 + templates/_helpers.tpl | 5 +++++ values.yaml | 1 + 3 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 2871f95..b46d44e 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,7 @@ their default values. | `s3.encrypt` | Store images in encrypted format | `nil` | | `s3.secure` | Use HTTPS | `nil` | | `s3.forcepathstyle` | Use path-style addressing, needed for some s3 compatible storage (minio) | `nil` | +| `s3.insecureSkipVerify` | Allows connection to s3 storage using TLS with untrusted/self-signed certificate | `nil` | | `swift.authurl` | Swift authurl | `nil` | | `swift.container` | Swift container | `nil` | | `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5a754fb..b5d75db 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -108,6 +108,11 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this value: {{ .Values.s3.forcepathstyle | quote }} {{- end -}} +{{- if .Values.s3.insecureSkipVerify }} +- name: REGISTRY_STORAGE_S3_SKIPVERIFY + value: {{ .Values.s3.insecureSkipVerify | quote }} +{{- end -}} + {{- else if eq .Values.storage "swift" }} - name: REGISTRY_STORAGE_SWIFT_AUTHURL value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }} diff --git a/values.yaml b/values.yaml index 38f32cb..a04d92e 100644 --- a/values.yaml +++ b/values.yaml @@ -105,6 +105,7 @@ secrets: # encrypt: false # secure: true # forcepathstyle: true +# insecureSkipVerify: true # Options for swift storage type: # swift: From d344f36b9412363e27b46881047f96699e4c8c0b Mon Sep 17 00:00:00 2001 
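Review bot: The new `REGISTRY_STORAGE_S3_SKIPVERIFY` block in the `templates/_helpers.tpl` hunk turns off TLS certificate verification for the registry's S3 connections, and nothing in the patch tells the operator that this is what the value does. With verification off, anyone positioned between the registry and the storage endpoint can read or alter image blobs in transit, so the setting deserves an explicit caveat where it is rendered, for example `{{- /* Disables TLS certificate verification for S3; prefer adding the storage endpoint's CA to the trust store */ -}}` above the `if`. The same applies to the `values.yaml` hunk, where the commented example would be safer as `# insecureSkipVerify: false`, so that uncommenting the whole s3 block does not silently disable verification. The README row could state plainly that certificate verification is skipped rather than that a connection is "allowed". The enclosing helper starts and ends outside the hunk.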
From: Kevin Boisits Date: Sun, 8 Jun 2025 22:32:26 -0500 Subject: [PATCH 2/3] Change name to match the config variable --- README.md | 2 +- templates/_helpers.tpl | 4 ++-- values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b46d44e..30f48b4 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,7 @@ their default values. | `s3.encrypt` | Store images in encrypted format | `nil` | | `s3.secure` | Use HTTPS | `nil` | | `s3.forcepathstyle` | Use path-style addressing, needed for some s3 compatible storage (minio) | `nil` | -| `s3.insecureSkipVerify` | Allows connection to s3 storage using TLS with untrusted/self-signed certificate | `nil` | +| `s3.skipverify` | Allows connection to s3 storage using TLS with untrusted/self-signed certificate | `nil` | | `swift.authurl` | Swift authurl | `nil` | | `swift.container` | Swift container | `nil` | | `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index b5d75db..573276c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -108,9 +108,9 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this value: {{ .Values.s3.forcepathstyle | quote }} {{- end -}} -{{- if .Values.s3.insecureSkipVerify }} +{{- if .Values.s3.skipverify }} - name: REGISTRY_STORAGE_S3_SKIPVERIFY - value: {{ .Values.s3.insecureSkipVerify | quote }} + value: {{ .Values.s3.skipverify | quote }} {{- end -}} {{- else if eq .Values.storage "swift" }} diff --git a/values.yaml b/values.yaml index a04d92e..93f0168 100644 --- a/values.yaml +++ b/values.yaml @@ -105,7 +105,7 @@ secrets: # encrypt: false # secure: true # forcepathstyle: true -# insecureSkipVerify: true +# skipverify: true # Options for swift storage type: # swift: From 55527bf77c9f8e1b8432c9c98d51e2d1b65d9c22 Mon Sep 17 00:00:00 2001 
From: Kevin Boisits
Date: Sun, 8 Jun 2025 22:33:50 -0500
Subject: [PATCH 3/3] Fix spacing
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 30f48b4..5c36f88 100644
--- a/README.md
+++ b/README.md
@@ -86,7 +86,7 @@ their default values.
 | `s3.encrypt` | Store images in encrypted format | `nil` |
 | `s3.secure` | Use HTTPS | `nil` |
 | `s3.forcepathstyle` | Use path-style addressing, needed for some s3 compatible storage (minio) | `nil` |
-| `s3.skipverify` | Allows connection to s3 storage using TLS with untrusted/self-signed certificate | `nil` |
+| `s3.skipverify` | Allows connection to s3 storage using TLS with untrusted/self-signed certificate | `nil` |
 | `swift.authurl` | Swift authurl | `nil` |
 | `swift.container` | Swift container | `nil` |
 | `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` |