search

GoogleContainerTools / kpt-config-sync

Config Sync - used to sync Git, OCI and Helm charts to your clusters.
Apache License 2.0
244 stars 43 forks source link

Unable to pull helm charts through proxy #74

Open philippart opened 2 years ago

philippart commented 2 years ago

I am getting this error caused by our corporate proxy: [1] KNV1068: failed to run kustomize build in /repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager, stdout: : Error: accumulating resources: accumulation err='accumulating resources from 'base': '/repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager/base' must resolve to a file': recursed accumulation of path '/repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager/base': Error: looks like "https://charts.jetstack.io" is not a valid chart repository or cannot be reached: Get "https://charts.jetstack.io/index.yaml": dial tcp 172.66.44.147:443: connect: connection timed out : unable to run: 'helm pull --untar --untardir /repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager/base/charts --repo https://charts.jetstack.io cert-manager --version v1.5.3' with env=[HELM_CONFIG_HOME=/tmp/kustomize-helm-924204340/helm HELM_CACHE_HOME=/tmp/kustomize-helm-924204340/helm/.cache HELM_DATA_HOME=/tmp/kustomize-helm-924204340/helm/.data] (is 'helm' installed?) For more information, see https://g.co/cloud/acm-errors#knv1068

How do you configure the corresponding namespace reconciler to use a proxy? Editing the ns-reconciler (or reconciler-manager) configmap to add an HTTPS_PROXY environment variable doesn't seem to be possible (automatically overridden).

Thanks. Laurent Philippart

philippart commented 2 years ago

Just confirmed that with the proper environment helm pull works fine in the hydration-controller:

export HELM_CONFIG_HOME=/tmp/kustomize-helm-723481838/helm export HELM_CACHE_HOME=/tmp/kustomize-helm-723481838/helm/.cache export HELM_DATA_HOME=/tmp/kustomize-helm-723481838/helm/.data export HTTPS_PROXY=<our proxy> helm pull --untar --untardir /repo/source/358e7d8ecf8a79d1f70b1a561f744f96a2894474/cert-manager/base/charts --repo https://charts.jetstack.io cert-manager --version v1.5.3 ls -al /repo/source/358e7d8ecf8a79d1f70b1a561f744f96a2894474/cert-manager/base/charts total 16 drwxr-sr-x 4 65533 65533 4096 Aug 31 14:23 . drwxr-sr-x 3 65533 65533 4096 Aug 31 14:23 .. drwxr-sr-x 3 65533 65533 4096 Aug 31 14:23 cert-manager drwxr-sr-x 2 65533 65533 4096 Aug 31 14:23 cert-manager-v1.5.3.tgz

mikebz commented 2 years ago

@philippart is the issue that there is no setting for the HTTPS proxy in the ConfigSync API?

philippart commented 2 years ago

yes and alternatively I don't see how I would be able to customize the configmap to inject an environment variable in the reconciler container.