source-controller
source-controller copied to clipboard
HelmChart does not support auto login on GCR
Hello,
currently i try to deploy a Helm Chart from a HelmRepository like this:
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: oci-poc
spec:
type: oci
interval: 5m0s
url: oci://europe-west1-docker.pkg.dev/project-id/helm-charts
When i use the HelmRepository in a HelmRelease the source controller tries to download a HelmChart
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: oci-poc
spec:
interval: 5m
chart:
spec:
chart: nginx
version: "0.2.0"
sourceRef:
kind: HelmRepository
name: oci-poc
interval: 1m
values:
deployment:
image: &deploymentImage
repository: europe-west1-docker.pkg.dev/project/docker-releases/nginx
tag: "1.1.6"
ports:
- name: &ingressContainerPortName http
containerPort: 80
protocol: TCP
services: &deploymentServices
- type: ClusterIP
ports:
- name: *ingressContainerPortName
appProtocol: http
port: 80
ingress:
host: test.not.existing.de
containerPortName: *ingressContainerPortName
deploymentImage: *deploymentImage
deploymentServices: *deploymentServices
This leads to a HelmChart with a 403 because it doesn't have a proper oauth2 token to present to the GCR. I have seen that OCIRegistry seems to support auto-login and i also found https://github.com/fluxcd/source-controller/issues/798 which referred to work done in https://github.com/fluxcd/image-reflector-controller/issues/264 which seems to be implemented with https://github.com/fluxcd/source-controller/commit/63c94397f7d756518d259f4703ac92900d2dd07e which only implements OCI auto login for OCIRepository not HelmChart