helm_release with "oci" type URL not working with GitHub repository

avramenkovladyslav commented 1 year ago

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: v1.6.3
Provider version: 2.11.0 (latest)
Kubernetes version: v1.28.0

Affected Resource(s)

helm_release

Terraform Configuration Files

main.tf

resource "kubernetes_namespace" "dragonfly" {
  metadata {
    name = "dragonfly"
  }
}

resource "helm_release" "dragonfly" {
  name       = "dragonfly"
  namespace  = kubernetes_namespace.dragonfly.metadata[0].name
  repository = "oci://ghcr.io/dragonflydb/dragonfly/helm"
  chart      = "dragonfly"
}

provider.tf

provider "helm" {
  kubernetes {
    host                   = var.cluster_host
    token                  = var.cluster_token
    cluster_ca_certificate = var.cluster_certificate
  }
  registry {
    url      = "oci://ghcr.io/dragonflydb/dragonfly/helm"
    username = var.github_username
    password = var.github_password
  }
}

Debug Output

https://gist.github.com/avramenkovladyslav/8b48c6d5d392d6b3c86e9a565604c6cc

NOTE: In addition to Terraform debugging, please set HELM_DEBUG=1 to enable debugging info from helm.

Panic Output

Steps to Reproduce

terraform apply

Expected Behavior

Successful login to github repository and helm chart deploy

Actual Behavior

Error described above

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

arybolovlev commented 1 year ago

Hi @avramenkovladyslav,

I managed to make it work with the following config(no registry block on the provider level):

resource "kubernetes_namespace_v1" "dragonfly" {
  metadata {
    name = "dragonfly"
  }
}

resource "helm_release" "dragonfly" {
  name       = "dragonfly"
  namespace  = kubernetes_namespace_v1.dragonfly.metadata.0.name
  repository = "oci://ghcr.io/dragonflydb/dragonfly/helm"
  chart      = "dragonfly"
  version    = "v1.12.0"
}

It seems to be a public repository and thus authentication is not required, however, the version seems mandatory here. I was following the installation guide.

Without version, both this provider and Helm CLI produce the same error message:

$ helm upgrade --install dragonfly oci://ghcr.io/dragonflydb/dragonfly/helm/dragonfly
Release "dragonfly" does not exist. Installing it now.
Error: Unable to locate any tags in provided repository: oci://ghcr.io/dragonflydb/dragonfly/helm/dragonfly

$ terraform apply -auto-approve
...
helm_release.dragonfly: Creating...
╷
│ Error: could not download chart: Unable to locate any tags in provided repository: oci://ghcr.io/dragonflydb/dragonfly/helm/dragonfly
│
│   with helm_release.dragonfly,
│   on main.tf line 20, in resource "helm_release" "dragonfly":
│   20: resource "helm_release" "dragonfly" {

I hope it helps.

avramenkovladyslav commented 1 year ago

@arybolovlev Thanks it worked. The reason why I thought that login is required is because I couldn't download it with Helm CLI without authentication like this:

export CR_PAT=YOUR_TOKEN
echo $CR_PAT | docker login ghcr.io -u USERNAME --password-stdin

hashicorp / terraform-provider-helm