Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
fancy-xylophone-14066
01/03/2023, 3:53 PMHi community, i'm relatively new using Pulumi and im having troubles trying to execute a Release if the chart link im calling is an "oci://..." stored in a Private AWS ECR (I've read that this is supported on helm.v3.Release() but not on helm.v3.Chart()) , it returns Unauthorized, the question is, How should i pass the ecr credentials into the Release function? I've tried to use the RepositoryOpts argument (with repo, username and password) but couldn't find the workaround.
I've tried different variations of the following function (with or without the RepositoryOpts argument):
pulumi_kubernetes.helm.v3.Release(
"resource_name",
resource_args_object=pulumi_kubernetes.helm.v3.ReleaseArgs(
chart="oci://{account}.dkr.ecr.{region}.<http://amazonaws.com/{chart_name}|amazonaws.com/{chart_name}>",
version={chart_version},
values=values,
namespace=namespace,
create_namespace=True,
reset_values=True,
force_update=True,
dependency_update=True,
),
opts=pulumi.ResourceOptions(provider=provider),
)b
billowy-army-68599
01/03/2023, 3:58 PMthis is unfortunately a known issue
https://github.com/pulumi/pulumi-kubernetes/issues/1914
you can work around it by doing
helm registry loginf
fancy-xylophone-14066
01/03/2023, 4:00 PMi've tried that but i couldnt :c, before running that Release i'm executig:
"helm registry login {registry_url} -u {auth_token.user_name} -p {auth_token.password}"At the moment im pulling the chart to local, use it to execute the Release and delete it after that. It works but its awful
m
many-telephone-49025
01/03/2023, 4:33 PMNot sure about ECR but could you work with a IAM role? I know that in Azure you have the Pull role for images from ACR
f
fancy-xylophone-14066
01/03/2023, 6:29 PM• Solved
Finally i solved it by setting "helm_release_setting" argument with the registry-config path hardcoded, probably the "helm registry login" and this config where targeting different paths for the registry config.
"helm registry login {registry_url} -u {auth_token.user_name} -p {auth_token.password} --registry-config {path}"
k8s.ProviderArgs(
kubeconfig=kubeconfig,
helm_release_settings=k8s.HelmReleaseSettingsArgs(
registry_config_path=path
)
),