https://pulumi.com logo
Title
f

fancy-xylophone-14066

01/03/2023, 3:53 PM
Hi community, i'm relatively new using Pulumi and im having troubles trying to execute a Release if the chart link im calling is an "oci://..." stored in a Private AWS ECR (I've read that this is supported on helm.v3.Release() but not on helm.v3.Chart()) , it returns Unauthorized, the question is, How should i pass the ecr credentials into the Release function? I've tried to use the RepositoryOpts argument (with repo, username and password) but couldn't find the workaround. I've tried different variations of the following function (with or without the RepositoryOpts argument):
pulumi_kubernetes.helm.v3.Release(
    "resource_name",
    resource_args_object=pulumi_kubernetes.helm.v3.ReleaseArgs(
            chart="oci://{account}.dkr.ecr.{region}.<http://amazonaws.com/{chart_name}|amazonaws.com/{chart_name}>",
            version={chart_version},
            values=values,
            namespace=namespace,
            create_namespace=True,
            reset_values=True,
            force_update=True,
            dependency_update=True,
            ),
    opts=pulumi.ResourceOptions(provider=provider),
)
Where provider is a pulumi_kubernetes.Provider with the cluster kubeconfig. Does someone have any example of how this should be done?
b

billowy-army-68599

01/03/2023, 3:58 PM
you can work around it by doing
helm registry login
before running pulumi
f

fancy-xylophone-14066

01/03/2023, 4:00 PM
i've tried that but i couldnt :c, before running that Release i'm executig:
"helm registry login {registry_url} -u {auth_token.user_name} -p {auth_token.password}"
At the moment im pulling the chart to local, use it to execute the Release and delete it after that. It works but its awful
m

many-telephone-49025

01/03/2023, 4:33 PM
Not sure about ECR but could you work with a IAM role? I know that in Azure you have the Pull role for images from ACR
f

fancy-xylophone-14066

01/03/2023, 6:29 PM
• Solved Finally i solved it by setting "helm_release_setting" argument with the registry-config path hardcoded, probably the "helm registry login" and this config where targeting different paths for the registry config.
"helm registry login {registry_url} -u {auth_token.user_name} -p {auth_token.password} --registry-config {path}"

k8s.ProviderArgs(
    kubeconfig=kubeconfig,
    helm_release_settings=k8s.HelmReleaseSettingsArgs(
        registry_config_path=path
        )
    ),
Thanks =D