Disable tls verification for helm charts

[Exobitt]

Hi

I'm trying to install traefik through a nexus repository, as i'm in an air-gapped environment.
I created a manifest, so it would startup during the rke2 startup phase, and disabled rke2-ingress-nginx.
Using the apiVersion: helm.cattle.io/v1, trying to fetch the helm chart, it responds with an tls verification error, and somehow can't figure out how to disable it.
tls: failed to verify certificate: x509: certificate signed by unknown authority

I already updated the CA inside the OS, in-order for containerd to pull images through the nexus repository and pointing towards it in registries.yaml. This is succesful, and i can pull images through it. But not when utilizing helm charts.

Is there anyway i can disable this, when its in a manifest?

[brandond]

No. You should pass the chart repo's CA certificate in the HelmChart manifests's spec.repoCA field. If you already have the private CA in a configmap somewhere, you can point at it with the spec.repoCAConfigMap field.

[Exobitt]

Thank you for your answer.
Though, i would like that to be a part of the Helm documentation, as it's not present or visible, that these two are an option.
I coud make a draft, and a pr if you'd like.

[brandond]

yes, the docs are due for a refresh. You can find the raw API types at:
https://github.com/k3s-io/helm-controller/blob/master/pkg/apis/helm.cattle.io/v1/types.go#L21-L42