Public OCI GHCR repository returns 403

[dzervas]

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: 1.8.4
Provider version: 2.14.0
Kubernetes version: 2.31.0

Affected Resource(s)

• helm_release

Terraform Configuration Files

resource "helm_release" "magicentry" {
  name             = "auth"
  namespace        = kubernetes_namespace.magicentry.metadata[0].name
  create_namespace = true
  atomic           = true

  repository = "oci://ghcr.io/dzervas/charts"
  chart      = "magicentry"
  version    = "0.3.14"
  values     = [file("${path.module}/magicentry-values.yaml")]
}

Debug Output

https://gist.github.com/dzervas/65367fb9c94c15bf7e0260f781a63503

Panic Output

Steps to Reproduce

1. terraform apply

Expected Behavior

Create the helm release

Actual Behavior

returns an error:

Error: failed to authorize: failed to fetch oauth token: unexpected status from GET request to https://ghcr.io/token?scope=repository%3Adzervas%2Fcharts%2Fmagicentry%3Apull&service=ghcr.io: 403 Forbidden

The registry and the helm chart are public and the requested URL without any kind of credentials returns 200:

╰─❯ curl -D- 'https://ghcr.io/token?scope=repository%3Adzervas%2Fcharts%2Fmagicentry%3Apull&service=ghcr.io'
HTTP/2 200
content-type: application/json
docker-distribution-api-version: registry/2.0
date: Sat, 29 Jun 2024 14:45:51 GMT
content-length: 77
x-github-request-id: 072E:2E3A15:4E...

{"token":"djE6ZHplcnZhcy9jaGFydHMvbWFnaWNlbnRyeT..."}

Important Factoids

Running k3s v1.27.4+k3s1

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[arybolovlev]

Hi @dzervas,

I was not able to reproduce this issue. I have run the provided code snippet and it worked with no issue on the first run:

$ helm list
NAME            NAMESPACE   REVISION    UPDATED                                 STATUS      CHART                           APP VERSION
auth            default     1           2024-07-03 09:22:53.217495 +0200 CEST   deployed    magicentry-0.3.14               0.3.14