Closed Valgueiro closed 3 weeks ago
Other things that can be useful here:
~ $ wget --spider https://<acr>/v2/sre/rancher-alerting-drivers/manifests/102.1.0
Spider mode enabled. Check if remote file exists.
--2024-05-13 22:07:41-- https://<acr>/v2/sre/rancher-alerting-drivers/manifests/102.1.0
Resolving proxy.com ( proxy.com)... <proxy-ip>
Connecting to proxy.com (proxy.com)|<proxy-ip>|:3128... connected.
Proxy request sent, awaiting response... 401 Unauthorized
Just confirmed here with tcpdump that source-controller is sending requests directly to the OCI URL without using proxy. This should not be happening since the proxy is setup on the flux services like the doc suggests
Can you please try with an OCIRepository and see if that works, example here https://fluxcd.io/blog/2024/05/flux-v2.3.0/#enhanced-helm-oci-support
This is fixed in https://github.com/helm/helm/commit/94c1deae6d5a43491c5a4e8444ecd8273a8122a1 I believe. Upgrading helm to v3.15.0
in source-controller
should resolve this
Switching to OCIRepo and HelmRelease v2 should work as we don’t use the Helm getter in OCIRepo.
I tried to just update to the latest flux version which uses a version of helm that was already fixed ( 1.3.0 source controller points to 3.14.4) but still maintaining the HelmRepository and I did not have success. I will give the OCIRepo a try.
As I wrote above, it is fixed in helm v3.15.0
. We have not updated Flux to that version yet. I would try Stefan suggestion on Flux v2.3.0
.
As I wrote above, the fix is already on flux version 2.3.0. Even the guy who made the fix himself bumped another repository to 3.14.4 to fix his issue. As you can see on the link to the code on 3.14.4, it is already there! Which means that 2.3.0 already have this fix.
So, bumping the version of helm 3.15 in the future must not solve the issue that I am facing.
Thanks @Valgueiro, indeed we instantiate our own http.Transport
. This will be fixed in the next Flux minor.
Environment
I have my k8s cluster deployed behind a firewall, that only allows connections from a proxy that is on the same network.
Setup
Flux version: v2.1.2 Source controller version: 1.1.2 I've setup the gotk as such to be able to use the proxy to fetch things.
And I have HelmRelease and helmrepo configured like this:
My HelmRepo is showing as active, but the HelmChart is showing as "Reconciling" and I can see the following error:
I thought that this could be related to this issue about http_proxy on busybox images: https://github.com/mirror/busybox/issues/21 , and after that I tried with this docker image as source-controller:
But I continued to receive the same error.
Do you guys have any idea of what I can do to fix this?