-
Notifications
You must be signed in to change notification settings - Fork 90
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
259 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| 20927c86b3fd83e65ebb83bcc849e5037f2f4ac64cf0047b70731416a0224713 _output/bin/helm/linux-amd64/helm | ||
| af6707bc4273a6237d5f7532ed9a960fc91204369aa30499d23903a8d420d284 _output/bin/helm/linux-arm64/helm | ||
| 3442d5939aa6ae1aa2a25d5d2fc6a00c656ae5a9889732138c12156099179ff1 _output/bin/helm/linux-amd64/helm | ||
| 734d2121419ffab611772bb5c1bf8226fef7bdd932590fe3950e05de8bc90488 _output/bin/helm/linux-arm64/helm |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| v3.14.3 | ||
| v3.12.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 1.21 | ||
| 1.20 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
167 changes: 167 additions & 0 deletions
167
projects/helm/helm/patches/0001-Push-to-insecure-OCI-registry.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,167 @@ | ||
| From 7e94c59c14b030d8a602b3026d08b98e0362fbb0 Mon Sep 17 00:00:00 2001 | ||
| From: "https://github.com/helm/helm/pull/10408" <[email protected]> | ||
| Date: Mon, 29 Nov 2021 16:53:43 +0800 | ||
| Subject: [PATCH 1/3] Push to insecure OCI registry | ||
|
|
||
| Signed-off-by: [email protected] | ||
| --- | ||
| cmd/helm/push.go | 5 ++++- | ||
| pkg/action/pull.go | 7 +++++++ | ||
| pkg/action/push.go | 16 +++++++++++++++- | ||
| pkg/registry/client.go | 32 ++++++++++++++++++++++++++++++++ | ||
| 4 files changed, 58 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/cmd/helm/push.go b/cmd/helm/push.go | ||
| index b1e3e60a..6d2a4c6b 100644 | ||
| --- a/cmd/helm/push.go | ||
| +++ b/cmd/helm/push.go | ||
| @@ -39,6 +39,7 @@ type registryPushOptions struct { | ||
| keyFile string | ||
| caFile string | ||
| insecureSkipTLSverify bool | ||
| + plainHTTP bool | ||
| } | ||
|
|
||
| func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { | ||
| @@ -77,7 +78,8 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { | ||
| client := action.NewPushWithOpts(action.WithPushConfig(cfg), | ||
| action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile), | ||
| action.WithInsecureSkipTLSVerify(o.insecureSkipTLSverify), | ||
| - action.WithPushOptWriter(out)) | ||
| + action.WithPushOptWriter(out), | ||
| + action.WithPlainHTTP(o.plainHTTP)) | ||
| client.Settings = settings | ||
| output, err := client.Run(chartRef, remote) | ||
| if err != nil { | ||
| @@ -93,6 +95,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { | ||
| f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") | ||
| f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") | ||
| f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") | ||
| + f.BoolVar(&o.plainHTTP, "plain-http", false, "use plain http and not https to connect oci registry") | ||
|
|
||
| return cmd | ||
| } | ||
| diff --git a/pkg/action/pull.go b/pkg/action/pull.go | ||
| index 37ff144d..a7672008 100644 | ||
| --- a/pkg/action/pull.go | ||
| +++ b/pkg/action/pull.go | ||
| @@ -45,6 +45,7 @@ type Pull struct { | ||
| VerifyLater bool | ||
| UntarDir string | ||
| DestDir string | ||
| + PlainHTTP bool | ||
| cfg *Configuration | ||
| } | ||
|
|
||
| @@ -80,6 +81,12 @@ func (p *Pull) SetRegistryClient(client *registry.Client) { | ||
| func (p *Pull) Run(chartRef string) (string, error) { | ||
| var out strings.Builder | ||
|
|
||
| + if p.InsecureSkipTLSverify || p.PlainHTTP { | ||
| + if err := p.cfg.RegistryClient.WithResolver(p.InsecureSkipTLSverify, p.PlainHTTP); err != nil { | ||
| + return out.String(), err | ||
| + } | ||
| + } | ||
| + | ||
| c := downloader.ChartDownloader{ | ||
| Out: &out, | ||
| Keyring: p.Keyring, | ||
| diff --git a/pkg/action/push.go b/pkg/action/push.go | ||
| index 89200640..f456cf98 100644 | ||
| --- a/pkg/action/push.go | ||
| +++ b/pkg/action/push.go | ||
| @@ -37,6 +37,7 @@ type Push struct { | ||
| caFile string | ||
| insecureSkipTLSverify bool | ||
| out io.Writer | ||
| + plainHTTP bool | ||
| } | ||
|
|
||
| // PushOpt is a type of function that sets options for a push action. | ||
| @@ -65,13 +66,20 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) PushOpt { | ||
| } | ||
| } | ||
|
|
||
| -// WithOptWriter sets the registryOut field on the push configuration object. | ||
| +// WithPushOptWriter sets the registryOut field on the push configuration object. | ||
| func WithPushOptWriter(out io.Writer) PushOpt { | ||
| return func(p *Push) { | ||
| p.out = out | ||
| } | ||
| } | ||
|
|
||
| +// WithPlainHTTP determines if connection to the OCI registry happens via HTTP or HTTPS. | ||
| +func WithPlainHTTP(plainHTTP bool) PushOpt { | ||
| + return func(p *Push) { | ||
| + p.plainHTTP = plainHTTP | ||
| + } | ||
| +} | ||
| + | ||
| // NewPushWithOpts creates a new push, with configuration options. | ||
| func NewPushWithOpts(opts ...PushOpt) *Push { | ||
| p := &Push{} | ||
| @@ -85,6 +93,12 @@ func NewPushWithOpts(opts ...PushOpt) *Push { | ||
| func (p *Push) Run(chartRef string, remote string) (string, error) { | ||
| var out strings.Builder | ||
|
|
||
| + if p.insecureSkipTLSverify || p.plainHTTP { | ||
| + if err := p.cfg.RegistryClient.WithResolver(p.insecureSkipTLSverify, p.plainHTTP); err != nil { | ||
| + return out.String(), err | ||
| + } | ||
| + } | ||
| + | ||
| c := uploader.ChartUploader{ | ||
| Out: &out, | ||
| Pushers: pusher.All(p.Settings), | ||
| diff --git a/pkg/registry/client.go b/pkg/registry/client.go | ||
| index f9569b62..1afcdd0e 100644 | ||
| --- a/pkg/registry/client.go | ||
| +++ b/pkg/registry/client.go | ||
| @@ -18,6 +18,7 @@ package registry // import "helm.sh/helm/v3/pkg/registry" | ||
|
|
||
| import ( | ||
| "context" | ||
| + "crypto/tls" | ||
| "encoding/json" | ||
| "fmt" | ||
| "io" | ||
| @@ -177,6 +178,37 @@ func ClientOptHTTPClient(httpClient *http.Client) ClientOption { | ||
| } | ||
| } | ||
|
|
||
| +func (c *Client) newResolver(insecure, plainHTTP bool) (remotes.Resolver, error) { | ||
| + headers := http.Header{} | ||
| + headers.Set("User-Agent", version.GetUserAgent()) | ||
| + opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} | ||
| + | ||
| + if insecure { | ||
| + httpClient := http.DefaultClient | ||
| + httpClient.Transport = &http.Transport{ | ||
| + TLSClientConfig: &tls.Config{ | ||
| + InsecureSkipVerify: true, | ||
| + }, | ||
| + Proxy: http.ProxyFromEnvironment, | ||
| + } | ||
| + opts = append(opts, auth.WithResolverClient(httpClient)) | ||
| + } | ||
| + if plainHTTP { | ||
| + opts = append(opts, auth.WithResolverPlainHTTP()) | ||
| + } | ||
| + | ||
| + return c.authorizer.ResolverWithOpts(opts...) | ||
| +} | ||
| + | ||
| +func (c *Client) WithResolver(insecure, plainHTTP bool) error { | ||
| + resolver, err := c.newResolver(insecure, plainHTTP) | ||
| + if err != nil { | ||
| + return err | ||
| + } | ||
| + c.resolver = resolver | ||
| + return nil | ||
| +} | ||
| + | ||
| type ( | ||
| // LoginOption allows specifying various settings on login | ||
| LoginOption func(*loginOperation) | ||
| -- | ||
| 2.39.2 |
63 changes: 63 additions & 0 deletions
63
projects/helm/helm/patches/0002-Install-or-upgrade-supports-OCI-insecure-registry.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| From 29eb89358376414bfbc9b169475d38e8cbfb7e84 Mon Sep 17 00:00:00 2001 | ||
| From: pytimer <[email protected]> | ||
| Date: Fri, 25 Feb 2022 17:34:53 +0800 | ||
| Subject: [PATCH 2/3] Install or upgrade supports OCI insecure registry | ||
|
|
||
| Signed-off-by: pytimer <[email protected]> | ||
| --- | ||
| cmd/helm/flags.go | 1 + | ||
| pkg/action/install.go | 7 +++++++ | ||
| pkg/registry/client.go | 1 - | ||
| 3 files changed, 8 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/cmd/helm/flags.go b/cmd/helm/flags.go | ||
| index 3f89aae2..56c8c4bc 100644 | ||
| --- a/cmd/helm/flags.go | ||
| +++ b/cmd/helm/flags.go | ||
| @@ -63,6 +63,7 @@ func addChartPathOptionsFlags(f *pflag.FlagSet, c *action.ChartPathOptions) { | ||
| f.BoolVar(&c.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") | ||
| f.StringVar(&c.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") | ||
| f.BoolVar(&c.PassCredentialsAll, "pass-credentials", false, "pass credentials to all domains") | ||
| + f.BoolVar(&c.PlainHTTP, "plain-http", false, "use plain http to connect oci registry") | ||
| } | ||
|
|
||
| // bindOutputFlag will add the output flag to the given command and bind the | ||
| diff --git a/pkg/action/install.go b/pkg/action/install.go | ||
| index d5c34cef..51bf1291 100644 | ||
| --- a/pkg/action/install.go | ||
| +++ b/pkg/action/install.go | ||
| @@ -121,6 +121,7 @@ type ChartPathOptions struct { | ||
| Username string // --username | ||
| Verify bool // --verify | ||
| Version string // --version | ||
| + PlainHTTP bool // --plain-http | ||
|
|
||
| // registryClient provides a registry client but is not added with | ||
| // options from a flag | ||
| @@ -725,6 +726,12 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( | ||
| return name, errors.Errorf("path %q not found", name) | ||
| } | ||
|
|
||
| + if c.InsecureSkipTLSverify { | ||
| + if err := c.registryClient.WithResolver(c.InsecureSkipTLSverify, c.PlainHTTP); err != nil { | ||
| + return "", err | ||
| + } | ||
| + } | ||
| + | ||
| dl := downloader.ChartDownloader{ | ||
| Out: os.Stdout, | ||
| Keyring: c.Keyring, | ||
| diff --git a/pkg/registry/client.go b/pkg/registry/client.go | ||
| index 1afcdd0e..3a5ff75a 100644 | ||
| --- a/pkg/registry/client.go | ||
| +++ b/pkg/registry/client.go | ||
| @@ -189,7 +189,6 @@ func (c *Client) newResolver(insecure, plainHTTP bool) (remotes.Resolver, error) | ||
| TLSClientConfig: &tls.Config{ | ||
| InsecureSkipVerify: true, | ||
| }, | ||
| - Proxy: http.ProxyFromEnvironment, | ||
| } | ||
| opts = append(opts, auth.WithResolverClient(httpClient)) | ||
| } | ||
| -- | ||
| 2.39.2 |
23 changes: 23 additions & 0 deletions
23
projects/helm/helm/patches/0003-Set-proxy-environment-in-HTTP-client.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| From a641de95394b104f4dc5b79f60522ee69230296e Mon Sep 17 00:00:00 2001 | ||
| From: Pooja Trivedi <[email protected]> | ||
| Date: Thu, 4 Aug 2022 12:28:51 -0700 | ||
| Subject: [PATCH 3/3] Set proxy environment in HTTP client | ||
|
|
||
| --- | ||
| pkg/registry/client.go | 1 + | ||
| 1 file changed, 1 insertion(+) | ||
|
|
||
| diff --git a/pkg/registry/client.go b/pkg/registry/client.go | ||
| index 3a5ff75a..1afcdd0e 100644 | ||
| --- a/pkg/registry/client.go | ||
| +++ b/pkg/registry/client.go | ||
| @@ -189,6 +189,7 @@ func (c *Client) newResolver(insecure, plainHTTP bool) (remotes.Resolver, error) | ||
| TLSClientConfig: &tls.Config{ | ||
| InsecureSkipVerify: true, | ||
| }, | ||
| + Proxy: http.ProxyFromEnvironment, | ||
| } | ||
| opts = append(opts, auth.WithResolverClient(httpClient)) | ||
| } | ||
| -- | ||
| 2.39.2 |