Hi community i m relatively new using Pulumi and im having t Pulumi Community #general

Hi community, i'm relatively new using Pulumi and ...

fancy-xylophone-14066

01/03/2023, 3:53 PM

Hi community, i'm relatively new using Pulumi and im having troubles trying to execute a Release if the chart link im calling is an "oci://..." stored in a Private AWS ECR (I've read that this is supported on helm.v3.Release() but not on helm.v3.Chart()) , it returns Unauthorized, the question is, How should i pass the ecr credentials into the Release function? I've tried to use the RepositoryOpts argument (with repo, username and password) but couldn't find the workaround. I've tried different variations of the following function (with or without the RepositoryOpts argument):

Copy code

pulumi_kubernetes.helm.v3.Release(
    "resource_name",
    resource_args_object=pulumi_kubernetes.helm.v3.ReleaseArgs(
            chart="oci://{account}.dkr.ecr.{region}.<http://amazonaws.com/{chart_name}|amazonaws.com/{chart_name}>",
            version={chart_version},
            values=values,
            namespace=namespace,
            create_namespace=True,
            reset_values=True,
            force_update=True,
            dependency_update=True,
            ),
    opts=pulumi.ResourceOptions(provider=provider),
)

Where provider is a pulumi_kubernetes.Provider with the cluster kubeconfig. Does someone have any example of how this should be done?

billowy-army-68599

01/03/2023, 3:58 PM

this is unfortunately a known issue https://github.com/pulumi/pulumi-kubernetes/issues/1914

billowy-army-68599

01/03/2023, 3:58 PM

you can work around it by doing

helm registry login

before running pulumi

fancy-xylophone-14066

01/03/2023, 4:00 PM

i've tried that but i couldnt :c, before running that Release i'm executig:

Copy code

"helm registry login {registry_url} -u {auth_token.user_name} -p {auth_token.password}"

fancy-xylophone-14066

01/03/2023, 4:02 PM

At the moment im pulling the chart to local, use it to execute the Release and delete it after that. It works but its awful

many-telephone-49025

01/03/2023, 4:33 PM

Not sure about ECR but could you work with a IAM role? I know that in Azure you have the Pull role for images from ACR

fancy-xylophone-14066

01/03/2023, 6:29 PM

• Solved Finally i solved it by setting "helm_release_setting" argument with the registry-config path hardcoded, probably the "helm registry login" and this config where targeting different paths for the registry config.

Copy code

"helm registry login {registry_url} -u {auth_token.user_name} -p {auth_token.password} --registry-config {path}"

k8s.ProviderArgs(
    kubeconfig=kubeconfig,
    helm_release_settings=k8s.HelmReleaseSettingsArgs(
        registry_config_path=path
        )
    ),

Thanks =D

2 Views

Open in Slack

Previous Next