helm dep update does not reuse ca-cert certificate

vermaashutosh commented 5 years ago

I am using nexus helm repository. Using my own ssl created certificate (not signed by any authority). Charts are already deployed in helm repository using some maven helm plugin. I added helm repository successfully(helm repo add ..) but not able to run "helm dep update" command. Looks like same certificate is not reused by "helm dep update"

# helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}

# helm init --service-account tiller --upgrade
$HELM_HOME has been configured at /root/.helm.

# helm repo add --ca-file=nexushelm.cer nexus-helm-repo https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo
"nexus-helm-repo" has been added to your repositories

#helm repo list
NAME            URL
stable          https://kubernetes-charts.storage.googleapis.com
local           http://127.0.0.1:8879/charts
nexus-helm-repo https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo

#  cat requirements.yaml
dependencies:
-  name: my-application
   repository: https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo
   version: 1.11.15

What are you trying to do? update helm chart from hosted nexus helm repository.
What feature or behavior is this required for? Not sure. May be option to specify ca-cert with "helm dep update "
How could we solve this issue? (Not knowing is okay!)
Anything else? Here is the error:

# helm dep update
Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
        Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: connect: connection refused
...Successfully got an update from the "nexus-helm-repo" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
Saving 1 charts
Downloading my-application from repo https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo
Save error occurred:  could not download https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo/my-application-1.11.15.tgz: Get https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo/my-application-1.11.15.tgz: x509: certificate signed by unknown authority
Deleting newly downloaded charts, restoring pre-update state
Error: could not download https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo/my-application-1.11.15.tgz: Get https://<nexus_host_ip>:8443/nexus/repository/helm-release-repo/my-application-1.11.15.tgz: x509: certificate signed by unknown authority

pkoehlers commented 5 years ago

I'm experiencing the same issue. I think this is related to helm/helm#5179. Probably this would be fixed by using absolute URLs instead of relative ones in the generated index.yaml?

mlukaretkyi commented 4 years ago

@pkoehlers @vermaashutosh Hi. Is it still relevant?

https://issues.sonatype.org/browse/NEXUS-25201

sonatype-nexus-community / nexus-repository-helm

helm dep update does not reuse ca-cert certificate #51