From b2993a76bceffefe888bb549771830d80563b10e Mon Sep 17 00:00:00 2001 From: cappyzawa Date: Sat, 19 Jul 2025 21:25:09 +0900 Subject: [PATCH] Fix missing TLS ServerName in HelmRepository Add ServerName configuration to TLS config in HelmRepository client options to ensure proper SNI (Server Name Indication) support for virtual hosting environments. This addresses the regression introduced when migrating from internal/tls to runtime/secrets, where ServerName was not being set automatically. Without ServerName, TLS handshakes fail with certificate mismatch errors when connecting to Helm repositories using virtual hosting where multiple repositories are hosted on the same IP address. Signed-off-by: cappyzawa --- internal/helm/getter/client_opts.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/helm/getter/client_opts.go b/internal/helm/getter/client_opts.go index 0c5eaf0c..cbcd09d9 100644 --- a/internal/helm/getter/client_opts.go +++ b/internal/helm/getter/client_opts.go @@ -122,7 +122,7 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1 } certSecret = secret - tlsConfig, err := secrets.TLSConfigFromSecret(ctx, secret) + tlsConfig, err := secrets.TLSConfigFromSecret(ctx, secret, obj.Spec.URL, obj.Spec.Insecure) if err != nil { return false, nil, nil, fmt.Errorf("failed to construct Helm client's TLS config: %w", err) } @@ -138,7 +138,7 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1 } authSecret = secret - methods, err := secrets.AuthMethodsFromSecret(ctx, secret) + methods, err := secrets.AuthMethodsFromSecret(ctx, secret, secrets.WithTLS(obj.Spec.URL, obj.Spec.Insecure)) if err != nil { return false, nil, nil, fmt.Errorf("failed to detect authentication methods: %w", err) }