HOME var overide

[moreiramarti]

Hello,

I'm testing oci registry on AWS ECR and when I'm using helmfile through the argocd script, I got an 401 error. I found that it's related to HOME var override. Registry creds are using HOME var I guess and overriding it, breaks the authentication.

Do you think it's ok to remove this override ?

Thanks

[travisghansen]

I think it will be fine as long as you adhere to:

• ensure repo names/url do not conflict across all projects
• any helm plugins/etc that are installed between projects do not have incompatibilities (ie: project A needs version X and project B needs version Y of the same plugin)

I can't think of other issues but I've never tested it against that configuration so let me know if something pops up.

Alternatively, is it possible to tell the AWS client where to look for it's config more explicitly than just HOME? Might be best to set that globally in the repo server deployment and make it a non-issue.

[moreiramarti]

ECR login is done by argocd. I don't think I can control where credential are stored.

I'm going to comment that part and let you know if something goes wrong.

[travisghansen]

Where do the creds get stored in the repo server container? Can you provide an example path with scrubbed content for me to observe?

[welderpb]

@moreiramarti Did you manage ECR oci login with this plugin?

[travisghansen]

Do we need to add any helper binaries into the sidecar image to help with this?

[welderpb]

@travisghansen, yes, we do. we need aws cli to get ECR token. I tried to add same oci repo in argocd.. but it doesn't help.. Still unauthorized.. Another issue that token is valid only 12h. i guess we need also cronjob like here: https://github.com/argoproj/argo-cd/issues/8097

[travisghansen]

Ok I can look into it or PRs welcome. There are other issues with oci+helmfile as well https://github.com/travisghansen/argo-cd-helmfile/issues/36