Using Helm Registry Plug-in with a self-signed certificate

This document assumes you have deployed Quay Enterprise with a self-signed certificate.

Appr uses the Python Requests library, which trusts only a standard set of certificates by default. This prevents Helm from interacting with a Quay Enterprise instance that is using a self-signed certificate.

The error is reported as a connection error when attempting to interact with the registry:

$ helm registry version
Api-version: .. Connection error
Client-version: 0.3.7

To work around this restriction, add the CA for the self-signed certificate to the default list of trusted Certificate Authorities. This process is described for the following platforms:

Add an environment variable that points Python Requests to the correct certificate chain:

$ export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

This will allow Helm to connect to Quay Enterprise:

$ helm registry version
Api-version: {u'cnr-api': u'0.2.7'}
Client-version: 0.3.7
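
If the connection error persists after the export, a common cause is that the bundle named by REQUESTS_CA_BUNDLE does not yet contain the registry CA. The following check is an added example, not part of the original document or of Appr; the function names and the placeholder PEM data are constructed for illustration, and the comparison is textual, so it does not validate the certificates themselves.

```shell
#!/bin/sh
# Added example: is the registry CA in the bundle Requests will load?

# Print every certificate in a PEM file as one line of base64 (markers and
# line breaks removed), so certificates can be compared as whole lines.
pem_blocks() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# bundle_has_ca BUNDLE CA_PEM
# 0: every certificate in CA_PEM is in BUNDLE; 1: at least one is missing;
# 2: a file is unreadable or CA_PEM holds no certificate.
bundle_has_ca() {
    bundle=$1
    ca=$2
    [ -r "$bundle" ] && [ -r "$ca" ] || return 2
    wanted=$(pem_blocks "$ca")
    [ -n "$wanted" ] || return 2
    have=$(pem_blocks "$bundle")
    # Base64 has no whitespace or glob characters, so word splitting is safe.
    for block in $wanted; do
        printf '%s\n' "$have" | grep -qxF -- "$block" || return 1
    done
    return 0
}

# check_requests_bundle CA_PEM
# Same check against the file named by REQUESTS_CA_BUNDLE; 3 when it is unset.
check_requests_bundle() {
    [ -n "${REQUESTS_CA_BUNDLE:-}" ] || return 3
    bundle_has_ca "$REQUESTS_CA_BUNDLE" "$1"
}

# Demo on constructed placeholder data (not real certificates).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQt' 'UVVBWS1DQQ==' \
    '-----END CERTIFICATE-----' > "$demo_dir/quay-ca.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtUFVCTElDLUNB' \
    '-----END CERTIFICATE-----' > "$demo_dir/stale-bundle.crt"
cat "$demo_dir/stale-bundle.crt" "$demo_dir/quay-ca.pem" > "$demo_dir/bundle.crt"
bundle_has_ca "$demo_dir/bundle.crt" "$demo_dir/quay-ca.pem" && echo "bundle.crt: CA present"
bundle_has_ca "$demo_dir/stale-bundle.crt" "$demo_dir/quay-ca.pem" || echo "stale-bundle.crt: CA missing"
```

A return value of 1 means the CA still has to be added to the bundle; 3 means the variable is not exported in the current shell.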