Add annotation to set insecureSkipTLSVerify

Signed-off-by: Varsha Prasad Narsing <varshaprasad96@gmail.com>

internal/controllers/clusterextension_controller.go

@@ -97,6 +97,10 @@ type InstalledBundleGetter interface {
 	GetInstalledBundle(ctx context.Context, acg helmclient.ActionClientGetter, allBundles []*catalogmetadata.Bundle, ext *ocv1alpha1.ClusterExtension) (*catalogmetadata.Bundle, error)
 }
 
+const (
+	bundleConnectionAnnotation string = "bundle.connection.config/insecureSkipTLSVerify"
+)
+
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update
@@ -532,13 +536,24 @@ func (r *ClusterExtensionReconciler) generateBundleDeploymentForUnpack(bundlePat
 				Type: rukpakv1alpha2.SourceTypeImage,
 				Image: &rukpakv1alpha2.ImageSource{
 					Ref:                   bundlePath,
-					InsecureSkipTLSVerify: true,
+					InsecureSkipTLSVerify: isInsecureSkipTLSVerifySet(ce),
 				},
 			},
 		},
 	}
 }
 
+func isInsecureSkipTLSVerifySet(ce *ocv1alpha1.ClusterExtension) bool {
+	if ce == nil {
+		return false
+	}
+	value, ok := ce.Annotations[bundleConnectionAnnotation]
+	if !ok {
+		return false
+	}
+	return value == "true"
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *ClusterExtensionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	controller, err := ctrl.NewControllerManagedBy(mgr).

test/e2e/cluster_extension_install_test.go

@@ -45,6 +45,9 @@ func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.Catalog) {
 	clusterExtension := &ocv1alpha1.ClusterExtension{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: clusterExtensionName,
+			Annotations: map[string]string{
+				"bundle.connection.config/insecureSkipTLSVerify": "true",
+			},
 		},
 	}
 	return clusterExtension, extensionCatalog