Add the ability to skip verifying the TLS cert for s3 storage

TheAceMan · TheAceMan · commit 8b8e96444e0c · 2025-06-06T21:00:14.000-05:00
Allow using self signed cert on S3 storage used
diff --git a/README.md b/README.md
@@ -86,6 +86,7 @@ their default values.
 | `s3.encrypt`                | Store images in encrypted format                                                           | `nil`           |
 | `s3.secure`                 | Use HTTPS                                                                                  | `nil`           |
 | `s3.forcepathstyle`         | Use path-style addressing, needed for some s3 compatible storage (minio)                   | `nil`           |
+| `s3.insecureSkipVerify`     | Allows connection to s3 storage using TLS with untrusted/self-signed certificate           | `nil`           |
 | `swift.authurl`             | Swift authurl                                                                              | `nil`           |
 | `swift.container`           | Swift container                                                                            | `nil`           |
 | `proxy.enabled`             | If true, registry will function as a proxy/mirror                                          | `false`         |
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -108,6 +108,11 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
   value: {{ .Values.s3.forcepathstyle | quote }}
 {{- end -}}
 
+{{- if .Values.s3.insecureSkipVerify }}
+- name: REGISTRY_STORAGE_S3_SKIPVERIFY
+  value: {{ .Values.s3.insecureSkipVerify | quote }}
+{{- end -}}
+
 {{- else if eq .Values.storage "swift" }}
 - name: REGISTRY_STORAGE_SWIFT_AUTHURL
   value: {{ required ".Values.swift.authurl is required" .Values.swift.authurl }}
diff --git a/values.yaml b/values.yaml
@@ -105,6 +105,7 @@ secrets:
 #   encrypt: false
 #   secure: true
 #   forcepathstyle: true
+#   insecureSkipVerify: true
 
 # Options for swift storage type:
 # swift:
