You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
as a corporate user, I need to configure development tools to use a corporate proxy and ca authority. This, as such, is causing many problems as you can imagine. However, after some struggles, I got all tools accepting the proxy/ca settings. Only with HELM I found an issue that I cannot easily overcome.
The issue is not related to the "repo add" step, which works fine with the "--ca-file" setting, although a repo-agnostic/general setting would be nice to have for this use case.
The problem occurs in the "install" step, when HELM seems to try to download a HELM manifest hosted from GitHub.
ChatGPT indicates that it could be related to the strict TLS certificate validation of Go or a problem of confusing certificates as result of a redirect. There seem to be request to both domains ".github.com" and ".github.io" involved. I have a hard time to pin the problem further down. All involved URLs listed below are accessible in a web browser on the same system. In all cases the corporate ca is used.
Minimum steps to reproduce (in corporate setting using proxy):
helm repo add --debug --ca-file $caCertPath oauth2-proxy https://oauth2-proxy.github.io/manifests/
helm repo update
helm install oauth2-proxy oauth2-proxy/oauth2-proxy
The variable $caCertPath is a path to the corporate ca file. I left out the actual proxy configuration, which is correctly adopted by HELM from the environment variables (HTTPS_PROXY, HTTP_PROXY).
Tests were done on Ubuntu (WSL2) with HELM version: version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}
Thanks in advance for your support.
The text was updated successfully, but these errors were encountered:
Dear community,
as a corporate user, I need to configure development tools to use a corporate proxy and ca authority. This, as such, is causing many problems as you can imagine. However, after some struggles, I got all tools accepting the proxy/ca settings. Only with HELM I found an issue that I cannot easily overcome.
ChatGPT indicates that it could be related to the strict TLS certificate validation of Go or a problem of confusing certificates as result of a redirect. There seem to be request to both domains ".github.com" and ".github.io" involved. I have a hard time to pin the problem further down. All involved URLs listed below are accessible in a web browser on the same system. In all cases the corporate ca is used.
Minimum steps to reproduce (in corporate setting using proxy):
helm repo add --debug --ca-file $caCertPath oauth2-proxy https://oauth2-proxy.github.io/manifests/
helm repo update
helm install oauth2-proxy oauth2-proxy/oauth2-proxy
The variable $caCertPath is a path to the corporate ca file. I left out the actual proxy configuration, which is correctly adopted by HELM from the environment variables (HTTPS_PROXY, HTTP_PROXY).
This leads to the following error:
Downloading oauth2-proxy from repo https://oauth2-proxy.github.io/manifests/ Save error occurred: could not download https://github.com/oauth2-proxy/manifests/releases/download/oauth2-proxy-6.19.1/oauth2-proxy-6.19.1.tgz: Get "https://github.com/oauth2-proxy/manifests/releases/download/oauth2-proxy-6.19.1/oauth2-proxy-6.19.1.tgz": tls: failed to verify certificate: x509: certificate is valid for github.com, www.github.com, not oauth2-proxy.github.io Error: could not download https://github.com/oauth2-proxy/manifests/releases/download/oauth2-proxy-6.19.1/oauth2-proxy-6.19.1.tgz: Get "https://github.com/oauth2-proxy/manifests/releases/download/oauth2-proxy-6.19.1/oauth2-proxy-6.19.1.tgz": tls: failed to verify certificate: x509: certificate is valid for github.com, www.github.com, not oauth2-proxy.github.io
Tests were done on Ubuntu (WSL2) with HELM version: version.BuildInfo{Version:"v3.15.2", GitCommit:"1a500d5625419a524fdae4b33de351cc4f58ec35", GitTreeState:"clean", GoVersion:"go1.22.4"}
Thanks in advance for your support.
The text was updated successfully, but these errors were encountered: