Add .spec.insecureSkipVerify to HelmRepository for type: oci

[unai-ttxu]

Allow connecting to Helm OCI HTTPs repositories without verifying the server's certificate chain and host name.

Example:

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: myhelmrepo
  namespace: default
spec:
  type: oci
  interval: 1h
  insecureSkipVerify: true
  url: oci://my-self-signed-helm-repo-url:5000/charts

[stefanprodan]

To work with self-signed certs you can provide the CA to Flux, please see https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference

For security reasons, we decided to not have insecureSkipVerify anywhere in Flux controllers.

[unai-ttxu]

To work with self-signed certs you can provide the CA to Flux, please see https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference

For security reasons, we decided to not have insecureSkipVerify anywhere in Flux controllers.

Hi @stefanprodan, thank you so much for the comment!

I thought it'd be a nice feature to be able to configure self-signed Helm registries without handling the self-signed CA certificates, specially in development environments. But I understand your decision since it's not a good practice.