Be able to fetch helm charts via proxy

[davidkarlsen]

1T00:35:58.006250504Z caller=chartsync.go:340 component=chartsync info="chart download failed" releaseName=ode-problem-detector resource=node-problem-detector:helmrelease/node-problem-detector err="Looks like \"https://kubernetes-charts.storage.googleapis.com\" is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: dial tcp 216.58.207.240:443: connect: connection timed out"

I have deployed the helmOperator via helm with values:

helmOperator:
  create: true
  repository: mycorpdockerregistry:8085/weaveworks/helm-operator
  extraEnvs:
  - name: HTTP_PROXY
    value: http://mycorp_outbound_proxy:8080
  - name: HTTPS_PROXY
    value: http://mycorp_outbound_proxy:8080
  - name: NO_PROXY
    value: .......,tiller-deploy.kube-system

[davidkarlsen]

Could it be this issue (old libs?) helm/helm#4326

[squaremo]

Could it be this issue (old libs?) helm/helm#4326

It could well be; we use the Helm getter package to download charts. We can try upgrading those packages to see if recent fixes help.

[squaremo]

This image uses k8s.io/helm v2.11.0: quay.io/squaremo/helm-operator:issue-1625-update-helms-9ce57ef-wip, and is otherwise the same as master.

[squaremo]

(proposed fix in https://github.com/weaveworks/flux/pull/new/issue/1625-update-helms; I'm not yet prepared to make it into a PR though)

[davidkarlsen]

@squaremo What more would be needed for a PR to be ready?
And why not go with the latest lib version - especially given the security fix in 1.12.2?

[davidkarlsen]

@squaremo ping?

[squaremo]

Oh sorry @davidkarlsen , this fell off the end of the list :-S
I am worried about losing compatibility with older installations of Tiller or Kubernetes. Are there any statements of API compatibility?

[hiddeco]

The rules for version numbers are as follows:

Pre-release versions are incompatible with everything else. Alpha.1 is incompatible with Alpha.2.
Patch revisions are compatible: 1.2.3 is compatible with 1.2.4
Minor revisions are not compatible: 1.2.0 is not compatible with 1.3.0, though we may relax this constraint in the future.
Major revisions are not compatible: 1.0.0 is not compatible with 2.0.0.

Source

[Multiply]

We're also blocked by this, unfortunately.

How about an option where the image used by the helm-operator is defined by a target tiller-version?

[squaremo]

I've pushed an image built from the PR branch #1828: quay.io/squaremo/helm-operator:bump-helm-213-8516901d

I am a bit more confident than before, because I've actually tried it :-)

[hiddeco]

Just confirmed this has been resolved with #1828 by running a Squid HTTP proxy and configuring the http_proxy, https_proxy and no_proxy environment variables.