FairwindsOps/nova

Can't scan private Helm registries and it completely fails

carlosjgp opened this issue · 6 comments

What happened?

I scan a cluster with Helm charts hosted on a private repository and not published in ArtifactHub.

Nova shows an error and reports nothing.

helm list --all-namespaces
NAME                                          	NAMESPACE                	REVISION	UPDATED                                	STATUS  	CHART                                	APP VERSION
alertmanager                                  	alertmanager             	7       	2023-04-05 13:56:46.280797505 +0000 UTC	deployed	prometheus-alertmanager-1.26.2       	v0.25.0    
aws-ebs-csi-driver                            	kube-system              	1       	2023-03-20 16:37:37.770404253 +0000 UTC	deployed	aws-ebs-csi-driver-2.13.0            	1.13.0     
blackbox-exporter                             	observability            	52      	2023-05-03 15:19:42.78077426 +0000 UTC 	deployed	prometheus-blackbox-exporter-7.0.0   	0.22.0     
cert-manager                                  	cert-manager             	5       	2022-12-23 09:56:50.204158728 +0000 UTC	deployed	cert-manager-v1.10.1                 	v1.10.1    
cluster-autoscaler                            	kube-system              	4       	2022-08-18 16:10:24.075836673 +0000 UTC	deployed	cluster-autoscaler-9.19.3            	1.23.0     
external-secrets-operator                     	external-secrets-operator	2       	2023-03-08 17:31:27.860405555 +0000 UTC	deployed	external-secrets-0.7.2               	v0.7.2     
grafana                                       	grafana                  	451     	2023-04-11 08:36:21.117930078 +0000 UTC	deployed	grafana-6.50.2                       	9.3.1      
grafana-agent                                 	observability            	16      	2023-04-13 15:00:57.071869259 +0000 UTC	deployed	grafana-agent-1.10.1                 	v0.32.1    
grafana-mixin                                 	grafana                  	1       	2023-04-06 16:30:50.012089685 +0000 UTC	deployed	grafana-mixin-1.2.0                  	9.0.0      
loki                                          	loki                     	56      	2023-03-20 16:34:45.279194945 +0000 UTC	deployed	loki-distributed-0.67.1              	2.6.1      
loki-mixin                                    	loki                     	6       	2023-04-06 16:30:56.009354404 +0000 UTC	deployed	loki-mixin-1.4.0                     	2.7.0      
metrics-server                                	kube-system              	2       	2022-08-16 15:59:08.367202395 +0000 UTC	deployed	metrics-server-6.0.12                	0.6.1      
mimir                                         	mimir                    	78      	2023-04-04 09:52:13.055540826 +0000 UTC	deployed	mimir-distributed-4.0.0+2            	2.5.0      
mimir-consul                                  	mimir                    	1       	2022-10-20 09:14:12.093974405 +0000 UTC	deployed	consul-10.9.2                        	1.13.2     
mimir-mixin                                   	mimir                    	4       	2023-04-06 16:31:04.910019355 +0000 UTC	deployed	mimir-mixin-1.4.0                    	2.0.0      
nginx-ingress                                 	ingress                  	11      	2023-04-19 14:11:00.752305343 +0000 UTC	deployed	ingress-nginx-4.6.0                  	1.7.0      
opentelemetry-receiver                        	opentelemetry-receive    	1       	2023-04-06 18:04:38.414753472 +0000 UTC	deployed	opentelemetry-collector-0.31.1       	0.60.0     
prometheus-adapter                            	observability            	9       	2023-01-18 16:36:00.45799803 +0000 UTC 	deployed	prometheus-adapter-4.0.1             	v0.10.0    
prometheus-operator                           	observability            	22      	2023-04-13 15:01:22.674290248 +0000 UTC	deployed	kube-prometheus-stack-44.2.1         	v0.62.0    
prometheus-pushgateway                        	observability            	1       	2023-04-25 12:32:42.515184887 +0000 UTC	deployed	prometheus-pushgateway-2.1.3         	v1.5.1     
rds-db-provisioning                           	db-provisioning          	2       	2023-03-01 16:49:40.333318203 +0000 UTC	deployed	db-init-0.2.0                        	           
reloader                                      	kube-system              	11      	2023-04-27 17:05:24.067960972 +0000 UTC	deployed	reloader-v1.0.24                     	v1.0.24    
secret-store-csi                              	kube-system              	4       	2023-03-08 16:09:17.163405598 +0000 UTC	deployed	secrets-store-csi-driver-1.3.1       	1.3.1      
tempo                                         	tempo                    	36      	2023-04-06 18:17:07.217576895 +0000 UTC	deployed	tempo-distributed-1.2.10             	2.0.1      
tempo-mixin                                   	tempo                    	6       	2023-04-06 16:30:54.713916756 +0000 UTC	deployed	tempo-mixin-1.2.0                    	2.0.0 
nova find --format=table --include-all=false                                                                                                                                                         
I0512 10:31:44.398591   33819 request.go:690] Waited for 1.02221785s due to client-side throttling, not priority and fairness, request: GET:https://< URL >/apis/serving.knative.dev/v1beta1?timeout=32s
F0512 10:31:47.819450   33819 root.go:272] Error getting artifacthub package repos: failed to search for packages for term prometheus-alertmanager

What did you expect to happen?

Nova uses my local Helm cli configuration and credentials.

e.g. inspecting the HELM_REPOSITORY_CONFIG YAML file

How can we reproduce this?

  • Go to https://demo.goharbor.io
  • Create a new account
  • Create a new project
  • Create a new Helm chart using helm create nova-issue
  • Pack and push the Helm chart using the Harbor push command `helm package CHART_PATH && helm push CHART_PACKAGE oci://demo.goharbor.io/< YOUR PROJECT >`
  • Add Harbor to Helm repos
  • Install nova-issue chart
  • Run nova

Version

Version:3.6.2 Commit:a55e37fa76fe9012585dd896a25a1883cf1247c6

Have you tried using the --url parameter of the nova configuration to pass in your specific private registry URL?

Since this is coming up frequently, I have opened #222 for clearer documentation.

Oh, and lastly, can you please update to the latest patch version - 3.6.4 - there are some bug fixes to how we handle artifact hub.

rbren commented

More issues with private repos:

We try to download index.yaml from the repo here:

response, err := http.Get(fmt.Sprintf("%s/index.yaml", r.URL))

We're not using any auth when we do that.

Possible fixes here:

  • use the helm golang client to get a list of repos (equivalent of helm repo list) to check against, and maybe filter out public ones. That way users don't have to specify --url if their env is already set up
  • use the helm client to just get auth for what's been specified in --url
  • use the helm client to retrieve the list of charts in the repo, instead of manually downloading index.yaml

The only helm command I know of to list all the charts in a repo would be helm search. Essentially a helm search repo fairwinds-stable would list all the latest chart versions. That might be sufficient, but it's a bit odd.
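
An added example, not Nova's code, of fetching index.yaml with credentials instead of the bare http.Get quoted above. RepoEntry and FetchIndex are hypothetical names; the entries are assumed to have been loaded already from the file HELM_REPOSITORY_CONFIG points to, and credentials are attached only when the target's scheme and host match a configured repository, so they are never sent to another host.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

type RepoEntry struct{ Name, URL, Username, Password string } // keys of one repositories.yaml entry

// FetchIndex (hypothetical helper) gets repoURL/index.yaml, sending basic auth only to a configured scheme+host.
func FetchIndex(c *http.Client, entries []RepoEntry, repoURL string) ([]byte, error) {
	req, err := http.NewRequest(http.MethodGet, repoURL+"/index.yaml", nil)
	if err != nil {
		return nil, err
	}
	for _, e := range entries {
		u, perr := url.Parse(e.URL)
		if perr == nil && e.Username != "" && u.Scheme == req.URL.Scheme && u.Host == req.URL.Host {
			req.SetBasicAuth(e.Username, e.Password)
			break
		}
	}
	resp, err := c.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("GET %s: %s", req.URL, resp.Status)
	}
	return io.ReadAll(resp.Body)
}

func main() {
	// Constructed stand-in for a private chart repository that requires basic auth.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, p, ok := r.BasicAuth(); !ok || u != "ci" || p != "constructed-pw" {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, "apiVersion: v1\nentries: {}\n")
	}))
	defer srv.Close()
	_, anonErr := FetchIndex(srv.Client(), nil, srv.URL)
	body, err := FetchIndex(srv.Client(), []RepoEntry{{"private", srv.URL, "ci", "constructed-pw"}}, srv.URL)
	fmt.Printf("anonymous: %v\nwith repo credentials: %q (err=%v)\n", anonErr, body, err)
}
```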

We have multiple repositories. Some are private and some are not on ArtifactHub, but most are on ArtifactHub.

It's too complicated to cover everything with Nova and we have opted to use just a script to detect out-of-date charts from our terminals.

Thanks for this project and the others you are supporting; they are all great.