This is a backport of PR #934 as merged into main (775959c).
SUMMARY
This change introduces the plain_http parameter to modules that can interact with OCI registries. This in needed in cases where the OCI registry does not use SSL encryption, forcing Helm to send HTTP requests instead of HTTPS
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm, helm_pull and helm_template
ADDITIONAL INFORMATION
This is the output when trying to use an OCI registry that is not configured to use SSL certs.
fatal: [localhost]: FAILED! => {"changed": false, "command": "/usr/local/bin/helm show chart 'oci://<http-registry>/charts/foo'", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr": "Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr_lines": ["Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client"], "stdout": "", "stdout_lines": []}
Reviewed-by: Bikouo Aubin
SUMMARY
Added the option insecure_skip_tls_verify to the following helm modules:
helm_repository
helm
Unified the option with alias in helm_pull
For helm, added the option to the helm diff call, as it got fixed upstream.
Upstream Issue: databus23/helm-diff#503
Fixed with: helm/helm#12856
Fixes#694
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.helm
kubernetes.core.helm_repository
kubernetes.core.helm_pull
ADDITIONAL INFORMATION
Basically the option was added in the parameters set in the ansible job, in the docs and then injected in the helm and helm diff binary calls if set. Defaults to False.
Example
---
- name: Test helm modules
tasks:
- name: Test helm repository insecure
kubernetes.core.helm_repository:
name: insecure
repo_url: "<helm-repo-with-self-signed-tls>"
state: present
insecure_skip_tls_verify: true
- name: Test helm pull insecure
kubernetes.core.helm_pull:
chart_ref: "oci://<helm-repo-with-self-signed-tls>/ptroject"
destination: /tmp
insecure_skip_tls_verify: true
- name: Test helm insecure
kubernetes.core.helm:
name: insecure
chart_ref: "oci://<helm-repo-with-self-signed-tls>/project"
namespace: helm-insecure-test
state: present
insecure_skip_tls_verify: true
Note
Might need an alias for telm_template, as the option is called insecure_registry, in the manual and docs of helm it would be --insecure-skip-tls-verify as well though.
Not included, as it was recently merged with #805
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Noah Lehmann
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Apply no_log=True to pass_credentials to silence false positive warning.
Fixes similar issue to: #423
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelog/fragements/796-false-positive-helmull.yaml
plugins/modules/helm_pull.py
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Irum Malik
minor(doc): use the same style of version_added across repo
SUMMARY
Currently is no single style of version_added, in some places it's unquoted, somewhere single quote is used, in another places it's double quoted. Moreover, some file had different styles in one single file.
The aim of this PR is to update whole repo to single style for version_added
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
kustomize
helm
helm_info
helm_plugin
helm_plugin_info
helm_pull
helm_repository
helm_template
k8s_cluster_info
k8s_cp
k8s_drain
k8s_exec
k8s_log
k8s_rollback
k8s_taint
ADDITIONAL INFORMATION
The same style is proposed as used in amazon.aws collections
Reviewed-by: Kelv Gooding
Reviewed-by: Alina Buzachis
Reviewed-by: Mike Graves <mgraves@redhat.com>
Helm - Fix issue with alternative kubeconfig
SUMMARY
closes#538
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm modules
Reviewed-by: Mike Graves <mgraves@redhat.com>
