missing index on charmuseum
Opened this issue · 7 comments
Hello,
im trying to proxy the world simplest broker helm chart from https://helm.starkandwayne.com/ with JCR (Jfrog container registry).
It seems the chartmuseum is missing index for hosted helm charts
Sure. Im getting a 404 from JRC portal when testing the helm remote
Here are the log i get from our coporate internet proxy (seems OK 200) :
1578494002.946 635 192.168.116.205 TCP_TUNNEL/200 3635 CONNECT helm.starkandwayne.com:443 - HIER_DIRECT/104.27.162.93 -
And the log from from JCR:
2020-01-03 16:08:17,571 [art-exec-2] [INFO ] (o.a.r.HttpRepo :470) - harbor downloading https://helm.goharbor.io/index.yaml Unknown content length
2020-01-03 16:08:17,576 [art-exec-2] [INFO ] (o.a.r.HttpRepo :483) - harbor downloaded https://helm.goharbor.io/index.yaml 10.24 KB at 2,847.02 KB/sec
2020-01-03 16:08:17,918 [art-exec-2] [INFO ] (o.a.r.HttpRepo :470) - helm-remote downloading https://storage.googleapis.com/kubernetes-charts/index.yaml 7.10 MB
2020-01-03 16:08:18,403 [art-exec-2] [INFO ] (o.a.r.HttpRepo :483) - helm-remote downloaded https://storage.googleapis.com/kubernetes-charts/index.yaml 7.10 MB at 15,123.66 KB/sec
2020-01-03 16:08:20,558 [art-exec-2] [ERROR] (o.a.a.h.r.m.HelmVirtualMerger:213) - Couldn't read index file in remote repository starkandwayne : null
Can you also confirm you can manually fetch the index.yaml? I don't know how to help debug this network/chartmusuem/fate of devops gods bug :/
$ curl https://helm.starkandwayne.com/index.yaml
apiVersion: v1
entries:
cf-marketplace-servicebroker:
- apiVersion: v1
created: "2019-09-27T10:40:00Z"
...
Yes curl is OK for index.yaml ...
Despite pushing the JCR log level, i cant get anymore details ...
By the way, wich version of chartmuseum do you use ?
opened issue on jcr https://www.jfrog.com/jira/browse/RTFACT-21534
Hello,
seems the https url is now broken ?
$ curl -vvv https://helm.starkandwayne.com/index.yaml
* Trying 192.168.116.80...
* TCP_NODELAY set
* Connected to system-internet-http-proxy.internal.paas (192.168.116.80) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to helm.starkandwayne.com:443
> CONNECT helm.starkandwayne.com:443 HTTP/1.1
> Host: helm.starkandwayne.com:443
> User-Agent: curl/7.58.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.run.pivotal.io
* start date: Nov 18 00:00:00 2020 GMT
* expire date: Dec 17 23:59:59 2021 GMT
* subjectAltName does not match helm.starkandwayne.com
* SSL: no alternative certificate subject name matches target host name 'helm.starkandwayne.com'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'helm.starkandwayne.com'
I'll investigate how we might have broken SSL on this URL. We did migrate the app off PWS recently, so I'll assume it was broken during that.