Commit 39e68d7

helmrepo: add docs for .spec.certSecretRef
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
1 parent 94e5235 commit 39e68d7

1 file changed, +28 -6 lines changed

docs/spec/v1beta2/helmrepositories.md

@@ -452,15 +452,37 @@ flux create secret oci ghcr-auth \
452452
--password=${GITHUB_PAT}
453453
```
454454

455-
#### TLS authentication
455+
**Note**: Support for specifying TLS authentication data using this API
456+
has been deprecated. Please use [`.spec.certSecretRef`](#cert-secret-reference)
457+
instead. If the controller uses the secret specfied by this field to configure
458+
TLS, then a `DeprecationWarning` event will be emitted.
459+
460+
### Cert secret reference
456461

457462
**Note:** TLS authentication is not yet supported by OCI Helm repositories.
458463

459-
To provide TLS credentials to use while connecting with the Helm repository,
460-
the referenced Secret is expected to contain `.data.certFile` and
461-
`.data.keyFile`, and/or `.data.caFile` values.
464+
`.spec.certSecretRef.name` is an optional field to specify a secret containing TLS
465+
certificate data. The secret can contain the following keys:
462466

463-
For example:
467+
* `certFile` and `keyFile`: The client certificate and private key used for TLS client
468+
authentication. These must be used in conjunction, i.e. specifying one without the other
469+
will lead to an error.
470+
* `caFile`: The CA certificate used to verify the server, which is required if
471+
the server is using a self-signed certificate.
472+
473+
If the server is using a self-signed certificate and has TLS client authentication enabled,
474+
all three values are required.
475+
476+
All the files in the secret are expected to be [PEM-encoded][pem-encoding]. Assuming you have
477+
three files; `client.key`, `client.crt` and `ca.crt` for the client private key, client
478+
certificate and the CA certificate respectively, you can generate the required secret using
479+
the `flux creat secret helm` command:
480+
481+
```bash
482+
flux create secret helm tls --key-file=client.key --cert-file=client.crt --ca-file=ca.crt
483+
```
484+
485+
Example usage:
464486

465487
```yaml
466488
---
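Review bot: two typos in the added text should be fixed: "specfied" at new line 457 should read "specified", and the inline command at new line 479 reads `flux creat secret helm`, while the fenced command at line 482 correctly uses `flux create secret helm`. The deprecation note at lines 455-458 says "this API" without naming the field, and with the `#### TLS authentication` heading removed nothing is left to tell the reader which field is meant; name the deprecated field explicitly in that sentence. Line 476 uses the reference-style link `[pem-encoding]`, but no link definition for it appears in this diff, so confirm one already exists in the file or add it. The command at line 482 also names the secret `tls`, whereas the example that follows references `example-tls`; using one name in both places would let readers copy the command and the manifest together.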
@@ -472,7 +494,7 @@ metadata:
472494
spec:
473495
interval: 5m0s
474496
url: https://example.com
475-
secretRef:
497+
certSecretRef:
476498
name: example-tls
477499
---
478500
apiVersion: v1
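Review bot: at new line 497 the example only swaps `secretRef` for `certSecretRef`, so the `example-tls` Secret that begins at line 500 is left as it was and is not visible in this diff. Check that its data keys are the `certFile`, `keyFile` and `caFile` names documented at lines 467-471, and that the manifest still reads correctly as a TLS-only secret now that it is referenced through the new field.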
