Unable to pull helm charts through proxy
philippart opened this issue · 3 comments
I am getting this error caused by our corporate proxy:
[1] KNV1068: failed to run kustomize build in /repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager, stdout: : Error: accumulating resources: accumulation err='accumulating resources from 'base': '/repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager/base' must resolve to a file': recursed accumulation of path '/repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager/base': Error: looks like "https://charts.jetstack.io" is not a valid chart repository or cannot be reached: Get "https://charts.jetstack.io/index.yaml": dial tcp 172.66.44.147:443: connect: connection timed out : unable to run: 'helm pull --untar --untardir /repo/source/d523134f8a76659526b7ab6b0ea3cc3908a00100/cert-manager/base/charts --repo https://charts.jetstack.io cert-manager --version v1.5.3' with env=[HELM_CONFIG_HOME=/tmp/kustomize-helm-924204340/helm HELM_CACHE_HOME=/tmp/kustomize-helm-924204340/helm/.cache HELM_DATA_HOME=/tmp/kustomize-helm-924204340/helm/.data] (is 'helm' installed?) For more information, see https://g.co/cloud/acm-errors#knv1068
How do you configure the corresponding namespace reconciler to use a proxy? Editing the ns-reconciler (or reconciler-manager) configmap to add an HTTPS_PROXY environment variable doesn't seem to be possible (automatically overridden).
Thanks.
Laurent Philippart
Just confirmed that with the proper environment helm pull works fine in the hydration-controller:
export HELM_CONFIG_HOME=/tmp/kustomize-helm-723481838/helm
export HELM_CACHE_HOME=/tmp/kustomize-helm-723481838/helm/.cache
export HELM_DATA_HOME=/tmp/kustomize-helm-723481838/helm/.data
export HTTPS_PROXY=<our proxy>
helm pull --untar --untardir /repo/source/358e7d8ecf8a79d1f70b1a561f744f96a2894474/cert-manager/base/charts --repo https://charts.jetstack.io cert-manager --version v1.5.3
ls -al /repo/source/358e7d8ecf8a79d1f70b1a561f744f96a2894474/cert-manager/base/charts
total 16
drwxr-sr-x 4 65533 65533 4096 Aug 31 14:23 .
drwxr-sr-x 3 65533 65533 4096 Aug 31 14:23 ..
drwxr-sr-x 3 65533 65533 4096 Aug 31 14:23 cert-manager
drwxr-sr-x 2 65533 65533 4096 Aug 31 14:23 cert-manager-v1.5.3.tgz
@philippart is the issue that there is no setting for the HTTPS proxy in the ConfigSync API?
yes and alternatively I don't see how I would be able to customize the configmap to inject an environment variable in the reconciler container.