fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix missing TLS ServerName in HelmRepository 

Add ServerName configuration to TLS config in HelmRepository client
options to ensure proper SNI (Server Name Indication) support for
virtual hosting environments. This addresses the regression introduced
when migrating from internal/tls to runtime/secrets, where ServerName
was not being set automatically.

Without ServerName, TLS handshakes fail with certificate mismatch
errors when connecting to Helm repositories using virtual hosting
where multiple repositories are hosted on the same IP address.

Signed-off-by: cappyzawa <cappyzawa@gmail.com>
This commit is contained in:
cappyzawa 2025-07-19 21:25:09 +09:00
parent 74242e5d8a
commit b2993a76bc
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/helm/getter/client_opts.go
View File

@ -122,7 +122,7 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1
}
certSecret = secret
tlsConfig, err := secrets.TLSConfigFromSecret(ctx, secret)
tlsConfig, err := secrets.TLSConfigFromSecret(ctx, secret, obj.Spec.URL, obj.Spec.Insecure)
if err != nil {
return false, nil, nil, fmt.Errorf("failed to construct Helm client's TLS config: %w", err)
}
@ -138,7 +138,7 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1
}
authSecret = secret
methods, err := secrets.AuthMethodsFromSecret(ctx, secret)
methods, err := secrets.AuthMethodsFromSecret(ctx, secret, secrets.WithTLS(obj.Spec.URL, obj.Spec.Insecure))
if err != nil {
return false, nil, nil, fmt.Errorf("failed to detect authentication methods: %w", err)
}