kubernetes.core icon indicating copy to clipboard operation
kubernetes.core copied to clipboard
verified publisher icon ansible-collections

kubernetes.core.helm supports OCI registry

Open weironz opened this issue 2 years ago • 3 comments

SUMMARY

support helm registry login

# helm registry --help

This command consists of multiple subcommands to interact with registries.

Usage:
  helm registry [command]

Available Commands:
  login       login to a registry
  logout      logout from a registry

the feature like this: registry_username registry_password

- name: Install nginx
  kubernetes.core.helm:
    chart_ref: oci://registry.hub/helm-charts/nginx
    chart_version: 13.2.22
    registry_username: admin
    registry_password: 123456
ISSUE TYPE

i have try this https://github.com/ansible-collections/kubernetes.core/issues/429#issuecomment-1326414484

- name: Install nginx
  kubernetes.core.helm:
    chart_ref: oci://registry.hub/helm-charts/nginx
    chart_version: 13.2.22
    create_namespace: true
    release_name: nginx
    release_namespace: nginx
    release_state: present

but i have a docker registry with basic auth, so it error with 401 Unauthorized

root@945914a03027:/kubespray# ansible-playbook -i inventory/mycluster/inventory.ini nginx.yml 
[WARNING]: Skipping callback plugin 'ara_default', unable to load

PLAY [kube_control_plane[0]] ***************************************************************************************************************************************************
Tuesday 31 January 2023  10:22:26 +0000 (0:00:00.053)       0:00:00.053 ******* 

TASK [kubernetes-apps/nginx : Install nginx] ***********************************************************************************************************************************
fatal: [node1]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "command": "/usr/local/bin/helm --version=13.2.22 show chart oci://kubespray.hub/helm-charts/nginx", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: pulling from host kubespray.hub failed with status code [manifests 13.2.22]: 401 Unauthorized\n", "stderr": "Error: pulling from host kubespray.hub failed with status code [manifests 13.2.22]: 401 Unauthorized\n", "stderr_lines": ["Error: pulling from host kubespray.hub failed with status code [manifests 13.2.22]: 401 Unauthorized"], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************************************************************************************************************
node1                      : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Tuesday 31 January 2023  10:22:27 +0000 (0:00:00.785)       0:00:00.839 ******* 
=============================================================================== 
kubernetes-apps/nginx : Install nginx ----------------------------------------------------------------------------------------------------------------------------------- 0.79s
root@945914a03027:/kubespray# nano roles/kubernetes-apps/nginx/tasks/main.yml

temporary solution

- name: login helm registry
  shell: "{{ bin_dir }}/helm registry login registry.hub -u admin -p Registry12345"
COMPONENT NAME

kubernetes.core.helm

ADDITIONAL INFORMATION

helm registry login will support oci registry like docker registry or harbor registry with username and password.

weironz avatar Jan 31 '23 10:01 weironz

Is there any progress or plans for when the PR will be implemented? We are in the process of migrating all our private helm-repositories to OCI-only. This is the last problem that is preventing us from finishing.

madoe avatar Aug 15 '24 16:08 madoe

Do you need help with the PR #601or are there any blockers to its inclusion?

OnceUponALoop avatar Sep 14 '24 00:09 OnceUponALoop

We're also potentially blocked on this - is there any indication of when it can be merged?

madAndroid avatar Oct 10 '24 12:10 madAndroid