search

container-registry / helm-charts-oci-proxy

The Helm Charts OCI Proxy, will proxy and transform Helm Chart into OCI images on the fly. Address any Helm Chart as OCI image.
GNU Affero General Public License v3.0
97 stars 8 forks source link

Issues with cert-manager #17

Open devantler opened 5 months ago

devantler commented 5 months ago

Hey,

I am scratching my head because the service works well for all our deployments but not for cert-manager. With cert-manager, it seems Chartproxy is unable to convert the Helm Chart to OCI.

These are the logs I am getting:

proxy-2024/06/10 12:53:53 download index: https://charts.jetstack.io/index.yaml                                                                
proxy-2024/06/10 12:53:53 downloading : https://charts.jetstack.io/index.yaml                                                                   
proxy-2024/06/10 12:53:54 searching index for cert-manager with reference v1.15.0                                                                     
proxy-2024/06/10 12:53:54 downloading : https://charts.jetstack.io/charts/cert-manager-v1.15.0.tgz-pod-autoscaler@9.8.2
proxy-2024/06/10 12:53:54 searching index for cert-manager with reference v1.15.0
proxy-2024/06/10 12:53:54 downloading : https://charts.jetstack.io/charts/cert-manager-v1.15.0.tgz
proxy-2024/06/10 12:53:54 HEAD /v2/charts.jetstack.io/cert-manager/manifests/v1.15.0 404 NOT FOUND Chart prepare error

Below is my HelmRepository and HelmRelease manifests for cert-manager:

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: cert-manager
spec:
  insecure: true
  type: oci
  url: oci://${helm_charts_proxy_url:=chartproxy.container-registry.com}/charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
spec:
  interval: 1m
  chart:
    spec:
      chart: cert-manager
      version: v1.15.0
      sourceRef:
        kind: HelmRepository
        name: cert-manager
  # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
  values:
    # This configures cert-manager to install and upgrade CRDs as part of the Helm release.
    # https://cert-manager.io/docs/installation/helm/#helm-installation
    installCRDs: true

And lastly here is my HelmRelease manifest for helm-charts-oci-proxy:

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: helm-charts-oci-proxy
spec:
  interval: 1m
  chart:
    spec:
      chart: helm-charts-oci-proxy
      version: 1.2.3
      sourceRef:
        kind: HelmRepository
        name: helm-charts-oci-proxy
  # https://github.com/container-registry/helm-charts-oci-proxy/blob/main/chart/values.yaml
  values:
    image:
      tag: staging-202404291447
    app:
      env_vars:
        DEBUG: true
        # USE_TLS: true
        # INDEX_CACHE_TTL: 60 # for how long we have stores manifest and its related blobs
        # MANIFEST_CACHE_TTL: 14400 # for how long we store chart index file content

I am using a self-hosted chartproxy, as I owerwrite the ${helm_charts_proxy_url:=chartproxy.container-registry.com} with the following url: oci://helm-charts-oci-proxy.helm-charts-oci-proxy:9000, so I am pretty sure that this is not related to caching. I have also checked that the the https://charts.jetstack.io/index.yaml looks as expected. Has anyone experienced this?

EStork09 commented 2 months ago

I am also seeing this with the hosted version:

helm pull oci://chartproxy.container-registry.com/charts.jetstack.io/cert-manager --version v1.11.2
Error: chartproxy.container-registry.com/charts.jetstack.io/cert-manager:v1.11.2: not found

helm pull oci://chartproxy.container-registry.com/zotregistry.dev/helm-charts/zot --version 0.1.60
Pulled: chartproxy.container-registry.com/zotregistry.dev/helm-charts/zot:0.1.60
Digest: sha256:062bacd2dfd2e738ad96f19a87cae8e2589f547952d7599ef59fdd340a6ec89b

Might be an issue with the way they are hosting the jetstack helm repo, although with the url in the logs I am able to just download it by navigating to that url.

EStork09 commented 2 months ago

If you remove the --version "v" it will work, it looks like the v is appended and removed across a few locations. I am not entirely sure but the Manifest Map doesn't have the v in it, so when it looks up with the target it fails. Somewhere the v needs to be persisted in the version or it needs to just be removed as it is already being dropped in one location.

helm pull oci://chartproxy.container-registry.com/charts.jetstack.io/cert-manager --version v1.11.2
Error: chartproxy.container-registry.com/charts.jetstack.io/cert-manager:v1.11.2: not found

helm pull oci://chartproxy.container-registry.com/charts.jetstack.io/cert-manager --version 1.11.2
Pulled: chartproxy.container-registry.com/charts.jetstack.io/cert-manager:1.11.2
Digest: sha256:9092d6334348d9172684fcd0561c7a798696802f95169b40349b76c02627d81e
EStork09 commented 2 months ago

https://github.com/container-registry/helm-charts-oci-proxy/blob/main/internal/manifest/manifest.go#L190 I am not entirely sure how m.manifests[repo] is getting created but that is where the problem is, I am guessing the prepareChart pushes it to the m.manifests in some form but I am not 100% familiar enough to get further than that in this short look.