Open rmsilva1973 opened 11 months ago
This particular issue appears to be caused by the Helm version validation. It is using load external YAML for index.yaml based Helm repos and fails on potentially custom? addon.
You can turn off helm version validation either globally or per addon as described here.
Hope it helps.
Describe the bug
Running "cdk synth" from a desktop on a corporate network with proxy variables (http_proxy and https_proxy) on a project using helm addons (like "blueprints.SecretsAddon") fails.
Expected Behavior
"cdk synth" should able to lookup the helm addons using the corporate proxy setup by environment variables
Current Behavior
"cdk synth" fails with:
/home/myuser/dev/cdk-eks-project/node_modules/sync-rpc/lib/index.js:165 const error = new Error(msg.v.message); ^ Error: unable to get local issuer certificate at extractValue (/home/myuser/dev/cdk-eks-project/node_modules/sync-rpc/lib/index.js:165:19) at /home/myuser/dev/cdk-eks-project/node_modules/sync-rpc/lib/index.js:175:12 at request (/home/myuser/dev/cdk-eks-project/node_modules/sync-request/lib/index.js:28:15) at loadExternalYaml (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/utils/yaml-utils.ts:46:22) at listChartVersions (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/addons/helm-addon/helm-version-checker.ts:74:48) at checkHelmChartVersion (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/addons/helm-addon/helm-version-checker.ts:91:20) at Function.validateVersion (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/addons/helm-addon/index.ts:64:49) at CsiDriverProviderAws.deploy (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/addons/secrets-store/csi-driver-provider-aws.ts:45:15) at SecretsStoreAddOn.deploy (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/addons/secrets-store/index.ts:66:53) at new EksBlueprint (/home/myuser/dev/cdk-eks-project/node_modules/@aws-quickstart/eks-blueprints/lib/stacks/eks-blueprint-stack.ts:263:34) { code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
Reproduction Steps
Possible Solution
This bugs seems to be caused by the fact that the library sync-rpc, used by sync-request, used by blueprints yaml-utils.ts spawns a child process which appearently doesn't honor the proxy configurations.
Suggestion: I'm not sure if the loadExternalYaml function in yaml-utils.ts is downloading from an HTTP(S) URL but if that's the case, perhaps sync-request should be dropped in favor of a newer library which honors proxy environments.
Additional Information/Context
No response
CDK CLI Version
2.86.0
EKS Blueprints Version
1.11.13
Node.js Version
18.17.1
Environment details (OS name and version, etc.)
Ubuntu 22.04
Other information
No response