terraform-provider-helm icon indicating copy to clipboard operation
terraform-provider-helm copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Issue creating OCI registry client

Open zparnold opened this issue 2 years ago • 1 comments

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: 1.1.9
Provider version: 2.5.0
Kubernetes version: 1.21.X

Affected Resource(s)

  • helm_release

Terraform Configuration Files

The following is a module definition and then the next file is an example invocation of this module

resource "helm_release" "releases" {
  for_each = {for object in var.services : object.release_name => object}
  chart = "oci://${var.helm_repo.name}.azurecr.io/helm/${var.team_name}/${each.value.chart_name}"
  name = each.value.release_name
  version = each.value.version
  create_namespace = false
  namespace = var.environment_name
  render_subchart_notes = false
  wait = false
  repository_username = var.helm_repo.admin_username
  repository_password = var.helm_repo.admin_password
  values = var.values
  dynamic "set" {
    for_each = {for el in each.value.values_overrides : el.key => el}
    content {
      name = set.key
      value = set.value.value
    }
  }
}

Module invocation:

module "alcyone_services" {
 source = "../../modules/helm"
 helm_repo   = data.azurerm_container_registry.some_acr
 team_name = "alcyone"
 services = [     
    {
      release_name = "cacheservice",
      chart_name = "cacheservice",
      version = "1.1.0",
      values_overrides = [{
        key = "config.image.tag",
        value = "3.15.0-SNAPSHOT"
      }]
    }
  ]
}

Steps to Reproduce

  1. terraform apply

Expected Behavior

Terraform plan is successful

Actual Behavior

Error: could not create OCI registry client: /path/to/registry/config.json: stat /path/to/registry/config.json: permission denied

with module.alcyone_services.helm_release.releases["cacheservice"], on ../../modules/helm/main.tf line 1, in resource "helm_release" "releases": 1: resource "helm_release" "releases" {

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

zparnold avatar Apr 22 '22 18:04 zparnold

This seems to be an issue stemming from inside Helm itself. It seems to be attempting to read this config.json file every time an OCI operation is requested, regardless of configuration.

One workaround would be to ensure that /path/to/registry/ is accessible to read from for the provider process. The other option would be to set HELM_CONFIG_HOME env variable to some location that is in fact read accessible to the provider.

alexsomesan avatar May 04 '22 17:05 alexsomesan

Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!

github-actions[bot] avatar May 05 '23 00:05 github-actions[bot]