search

ansible-collections / kubernetes.core

The collection includes a variety of Ansible content to help automate the management of applications in Kubernetes and OpenShift clusters, as well as the provisioning and maintenance of clusters themselves.
Other
212 stars 134 forks source link

kubernetes.core.helm supports OCI registry #578

Open willzhang opened 1 year ago

willzhang commented 1 year ago
SUMMARY

support helm registry login

# helm registry --help

This command consists of multiple subcommands to interact with registries.

Usage:
  helm registry [command]

Available Commands:
  login       login to a registry
  logout      logout from a registry

the feature like this: registry_username registry_password

- name: Install nginx
  kubernetes.core.helm:
    chart_ref: oci://registry.hub/helm-charts/nginx
    chart_version: 13.2.22
    registry_username: admin
    registry_password: 123456
ISSUE TYPE

i have try this https://github.com/ansible-collections/kubernetes.core/issues/429#issuecomment-1326414484

- name: Install nginx
  kubernetes.core.helm:
    chart_ref: oci://registry.hub/helm-charts/nginx
    chart_version: 13.2.22
    create_namespace: true
    release_name: nginx
    release_namespace: nginx
    release_state: present

but i have a docker registry with basic auth, so it error with 401 Unauthorized

root@945914a03027:/kubespray# ansible-playbook -i inventory/mycluster/inventory.ini nginx.yml 
[WARNING]: Skipping callback plugin 'ara_default', unable to load

PLAY [kube_control_plane[0]] ***************************************************************************************************************************************************
Tuesday 31 January 2023  10:22:26 +0000 (0:00:00.053)       0:00:00.053 ******* 

TASK [kubernetes-apps/nginx : Install nginx] ***********************************************************************************************************************************
fatal: [node1]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "command": "/usr/local/bin/helm --version=13.2.22 show chart oci://kubespray.hub/helm-charts/nginx", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: pulling from host kubespray.hub failed with status code [manifests 13.2.22]: 401 Unauthorized\n", "stderr": "Error: pulling from host kubespray.hub failed with status code [manifests 13.2.22]: 401 Unauthorized\n", "stderr_lines": ["Error: pulling from host kubespray.hub failed with status code [manifests 13.2.22]: 401 Unauthorized"], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************************************************************************************************************
node1                      : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Tuesday 31 January 2023  10:22:27 +0000 (0:00:00.785)       0:00:00.839 ******* 
=============================================================================== 
kubernetes-apps/nginx : Install nginx ----------------------------------------------------------------------------------------------------------------------------------- 0.79s
root@945914a03027:/kubespray# nano roles/kubernetes-apps/nginx/tasks/main.yml

temporary solution

- name: login helm registry
  shell: "{{ bin_dir }}/helm registry login registry.hub -u admin -p Registry12345"
COMPONENT NAME

kubernetes.core.helm

ADDITIONAL INFORMATION

helm registry login will support oci registry like docker registry or harbor registry with username and password.

madoe commented 4 weeks ago

Is there any progress or plans for when the PR will be implemented? We are in the process of migrating all our private helm-repositories to OCI-only. This is the last problem that is preventing us from finishing.