values.schema.json included in a helm chart leads to error in air-gapped environments (nginx-ingress)
u3813 opened this issue · 3 comments
Describe the bug
Hello everyone,
this issue rancher/fleet#1430 describes the exact problem that I'm running into. I'm in an air-gapped environment and I'm using JFrog Artifactory to host a copy of the nginx-ingress (v1.3.2) helm chart from oci://ghcr.io/nginxinc/charts/nginx-ingress, see https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-helm/.
I set up a Flux HelmRepository pointing towards my Artifactory mirror and a Flux HelmRelease that is using the HelmRepository. I can pull the chart in my air-gapped environment without any issues. But the HelmRelease is throwing an error, complaining that files like https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.31.0/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels cannot be pulled (since I'm in an air-gapped environment). I can't post the exact error message right now, but it's something along the lines of raw.githubusercontent.com can't be reached.
To understand what's going on, you can download the helm chart and inspect its content:
helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.3.2
You will find a file called values.schema.json in which numerous files hosted at https://raw.githubusercontent.com are referenced. The helm docs describe the values.schema.json as follows:
A JSON Schema for imposing a structure on the values.yaml file
Sometimes, a chart maintainer might want to define a structure on their values. This can be done by defining a schema in the values.schema.json file. A schema is represented as a JSON Schema
Are there any workarounds for this in Flux? As it stands I'm unable to use this chart in combination with Flux.
Steps to reproduce
- Set up an air-gapped Kubernetes environment (v1.28.0) and Flux
- Set up a helm chart mirror and a docker registry mirror for the
nginx-ingresschart and its docker images (e. g. using Artifactory) - Set up the HelmRepository and HelmRelease accordingly
Expected behavior
There should be an option to ignore values.schema.jsons included in a file or an option to overwrite its contents
Screenshots and recordings
No response
OS / Distro
Linux
Flux version
v2.3.0
Flux check
_ checking prerequisites
_ Kubernetes 1.29.5+k3s1 >=1.28.0-0
_ checking version in cluster
_ distribution: flux-v2.3.0
_ bootstrapped: false
_ checking controllers
_ helm-controller: deployment ready
_ ghcr.io/fluxcd/helm-controller:v1.0.1
_ kustomize-controller: deployment ready
_ ghcr.io/fluxcd/kustomize-controller:v1.3.0
_ source-controller: deployment ready
_ ghcr.io/fluxcd/source-controller:v1.3.0
_ notification-controller: deployment ready
_ ghcr.io/fluxcd/notification-controller:v1.3.0
_ checking crds
_ alerts.notification.toolkit.fluxcd.io/v1beta3
_ buckets.source.toolkit.fluxcd.io/v1beta2
_ gitrepositories.source.toolkit.fluxcd.io/v1
_ helmcharts.source.toolkit.fluxcd.io/v1
_ helmreleases.helm.toolkit.fluxcd.io/v2
_ helmrepositories.source.toolkit.fluxcd.io/v1
_ kustomizations.kustomize.toolkit.fluxcd.io/v1
_ ocirepositories.source.toolkit.fluxcd.io/v1beta2
_ providers.notification.toolkit.fluxcd.io/v1beta3
_ receivers.notification.toolkit.fluxcd.io/v1
_ all checks passed
Git provider
No response
Container Registry provider
No response
Additional context
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
I have also found this issue nginxinc/kubernetes-ingress#5374, which references the following Helm pull request: helm/helm#12743.
The changes from this pull request were added in Helm v3.16.0, which was released last week. This version adds a new option --skip-schema-validation, which does exactly what I need for my air-gapped environment.
Would it be possible to implement this option into Flux in one of the upcoming releases?
It looks like Stefan already bumped the Helm version to v3.16.1 here: fluxcd/source-controller#1610
Apparently it's going to be part of Flux v2.4.0: #4947.
I'm gonna go ahead and close this issue then.
Actually, I might have closed this issue too early.
@stefanprodan Will the new Helm option --skip-schema-validation also be added to Flux with v2.4.0? Thanks in advance.