
OCI Repositories

Open abohmeed opened this issue 1 year ago • 1 comments

Setting .spec.provider to aws is mandatory when using OIDC and IRSA for allowing the pods to talk to ECR using a role. Failing to add this provider to the Helm Repository manifest will make the Source Controller receive a 401 error from AWS when trying to download the Helm artifact even when using the correct role and policy. The documentation states that it is optional, but in the next paragraph it details how to attach a role to the source-controller service account so that it can pull charts from ECR, which won't happen without correctly setting the provider.

abohmeed avatar Jul 30 '23 13:07 abohmeed

Hi, are you referring to this docs section https://fluxcd.io/flux/components/source/helmrepositories/#aws ? If that is so, node IAM and IRSA are subsections of the provider.aws section. The document states that setting provider.aws is optional if you're not using AWS. But if you do, then you have to follow the respective docs of node IAM or IRSA. Is there any way we can improve the docs? You can also create a pull request with your suggestion on improving the docs. The source can be found in https://github.com/fluxcd/source-controller/blob/66b93aad314d523fbe97c83d431b69e44a198df8/docs/spec/v1beta2/helmrepositories.md#aws .

darkowlzz avatar Jul 31 '23 10:07 darkowlzz
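
The configuration this thread is about, as an added example that is not part of the issue or of the Flux documentation: the IRSA annotation on the source-controller service account, an OCI HelmRepository without a provider (the form the issue reports as failing with 401), and the same repository with the provider set. The account ID, region, role name, repository path and resource names are constructed placeholders.

```yaml
# IRSA: bind an IAM role with ECR read permissions to source-controller.
# The role ARN below is a constructed placeholder.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: source-controller
  namespace: flux-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/EXAMPLE-ecr-read
---
# Reported as failing in this issue: no .spec.provider, so the field
# falls back to its default (generic). The role on the service account
# is then not used to obtain an ECR login, and the chart pull is
# rejected with 401 even though the role and policy are correct.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: ecr-charts-no-provider   # hypothetical name
  namespace: flux-system
spec:
  type: oci
  interval: 10m
  url: oci://111122223333.dkr.ecr.us-east-1.amazonaws.com/charts
---
# Working form: provider set to aws, so source-controller authenticates
# to ECR with the IAM identity available to the pod (IRSA or node IAM).
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: ecr-charts               # hypothetical name
  namespace: flux-system
spec:
  type: oci
  provider: aws
  interval: 10m
  url: oci://111122223333.dkr.ecr.us-east-1.amazonaws.com/charts
```

No static registry credential is stored in the cluster in the working form, so access to the charts is governed by the IAM role's ECR policy and the role's trust policy for the service account.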