Allow to pull wasm image from insecure registry while using envoy extension policy

[elvenlegolas]

Description:
I got an x509: certificate signed by unknown authority error because the wasm image registry was insecure while using envoy extension policy,I've read about the api docs but couldn't find where I can configure trusted registry in,so I wonder if it can be configured or is a feature to be provided?
Thanks!
[optional Relevant Links:]
istio/istio#36571 is a similar situation.

[zirain]

cc @zhaohuabing

[elvenlegolas]

Hello,I would like to know if there is any way to work around this problem?All the certificates we have in test environment are untrusted,so the wasm usage now is blocked.

[zhaohuabing]

Hi @elvenlegolas As a temporary workaround, Can you use a HTTP code source for testing?

[elvenlegolas]

Hi @elvenlegolas As a temporary workaround, Can you use a HTTP code source for testing?

Ok I'll try it,btw the example wasm http url given in envoy gateway doc https://raw.githubusercontent.com/envoyproxy/envoy/main/examples/wasm-cc/lib/envoy_filter_http_wasm_example.wasm seems invalid now ,would you fix it as a reference?

[kamxnet]

Hi! I'd love to take this issue as my first open-source code contribution.

I'm a networking and security professional getting into Go and cloud-native development, and this looks like a great place to start. I'd really appreciate it if you could assign this to me.

Thanks!

[arkodg]

i believe this is already solved, right @zhaohuabing ?