source-controller
source-controller copied to clipboard
Receiving chart pull error on environment with a proxy - EOF
Environment
I have my k8s cluster deployed behind a firewall, that only allows connections from a proxy that is on the same network.
Setup
Flux version: v2.1.2 Source controller version: 1.1.2 I've setup the gotk as such to be able to use the proxy to fetch things.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
patches:
- patch: |
apiVersion: apps/v1
kind: Deployment
metadata:
name: all
spec:
template:
spec:
containers:
- name: manager
env:
- name: "HTTPS_PROXY"
value: "http://proxy.com:3128"
- name: "NO_PROXY"
value: ".cluster.local.,.cluster.local,cluster.local,.svc,127.0.0.0/8,10.0.0.0/8"
- name: "https_proxy"
value: "http://proxy.com:3128"
- name: "no_proxy"
value: ".cluster.local.,.cluster.local,cluster.local,.svc,127.0.0.0/8,10.0.0.0/8"
target:
kind: Deployment
labelSelector: app.kubernetes.io/part-of=flux
And I have HelmRelease and helmrepo configured like this:
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: keda
namespace: keda
spec:
interval: 5m0s
releaseName: keda
install:
createNamespace: true
chart:
spec:
chart: keda
version: '2.12.1'
sourceRef:
kind: HelmRepository
name: charts
namespace: keda
valuesFrom:
- kind: ConfigMap
name: keda-values
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: charts
namespace: keda
spec:
type: "oci"
interval: 5m0s
url: oci://<acr>/sre/charts/
secretRef:
name: registry-pull-secret
certSecretRef:
name: tls-ca
My HelmRepo is showing as active, but the HelmChart is showing as "Reconciling" and I can see the following error:
chart pull error: failed to download chart for remote reference: failed to get 'oci://<acr>/sre/charts/keda:2.12.1': failed to do request: Head "https://<acr>/v2/sre/charts/keda/manifests/2.12.1": EOF
I thought that this could be related to this issue about http_proxy on busybox images: https://github.com/mirror/busybox/issues/21 , and after that I tried with this docker image as source-controller:
FROM <acr>/sre/fluxcd/source-controller:v1.1.2
USER root
COPY zscaler.crt /etc/ssl/certs/
RUN update-ca-certificates
RUN apk --no-cache -U add openssl wget ca-certificates
# wget https://httpbin.org/get
USER 65534:65534
But I continued to receive the same error.
Do you guys have any idea of what I can do to fix this?