JFrog Helm repository always returns 404 - kubernetes-helm

I've got 3 helm repositories in my JFrog account:
helm-local - intended to store private helm charts
helm-remote - intended to proxy public charts
helm - virtual one, unites both above
I configure my helm client like this: helm repo add %reponame% https://%name%.jfrog.io/artifactory/helm --username %username% --password %password% as it's descrbed in https://www.jfrog.com/confluence/display/RTF6X/Helm+Chart+Repositories.
Then I do helm repo update.
But when I try to do helm pull %reponame%/%chartname%, it returns 404
Error: failed to fetch https://%name%.jfrog.io/helm-local/%chartname%-%chartversion%.tgz : 404 Not Found
helm.go:88: [debug] failed to fetch https://%name%.jfrog.io/helm-local/%chartname%-%chartversion%.tgz : 404 Not Found
helm.sh/helm/v3/pkg/getter.(*HTTPGetter).get
helm.sh/helm/v3/pkg/getter/httpgetter.go:90
helm.sh/helm/v3/pkg/getter.(*HTTPGetter).Get
helm.sh/helm/v3/pkg/getter/httpgetter.go:42
helm.sh/helm/v3/pkg/downloader.(*ChartDownloader).DownloadTo
helm.sh/helm/v3/pkg/downloader/chart_downloader.go:99
helm.sh/helm/v3/pkg/action.(*Pull).Run
helm.sh/helm/v3/pkg/action/pull.go:129
main.newPullCmd.func2
helm.sh/helm/v3/cmd/helm/pull.go:75
github.com/spf13/cobra.(*Command).execute
github.com/spf13/cobra#v1.1.3/command.go:852
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/cobra#v1.1.3/command.go:960
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/cobra#v1.1.3/command.go:897
main.main
helm.sh/helm/v3/cmd/helm/helm.go:87
runtime.main
runtime/proc.go:225
runtime.goexit
runtime/asm_amd64.s:1371
It seems fetching an index, and gets the latest version of the chart, but can't get a correct download URL of it.
What am I doing wrong?

I see you are trying to pull from helm-local directly; use the helm virtual and try to pull. Also, perform a zap cache on the virtual repo and recalculate the index on the local repo and test the pull.

Related

Github Action failing to Build Images for the plugins being used in workflow

I am trying to use a plugin in my eks based k8s cluster,
I am using a Github Action controller that spawns on demand Container as Self Hosted runner
When the Github action start this plugin or any other that needs to build itself as a docker image fails with below error, any thoughts or ideas ?
This is my self hosted runner image Link
FYI : If i run a standalone alpine container in the cluster all typical cmd works, and this also works with default ubuntu based self hosted runner, so i dont think its the cluster
/usr/local/bin/docker build -t 60e226:1b6fc15462134e6fb8520b7df48cf7fd -f "/runner/_work/_actions/aquasecurity/trivy-action/master/Dockerfile" "/runner/_work/_actions/aquasecurity/trivy-action/master"
Sending build context to Docker daemon 644.6kB
Step 1/5 : FROM ghcr.io/aquasecurity/trivy:0.[3](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:3)7.1
0.37.1: Pulling from aquasecurity/trivy
c158987b0551: Pulling fs layer
67a7d067ef7d: Pulling fs layer[6]Download complete
67a7d067ef7d: Pull complete
2ec1cdd48f38: Verifying Checksum
2ec1cdd48f38: Download complete
2ec1cdd48f38: Pull complete
fe56e6aa700e: Pull complete
Digest: sha256:7c[16](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:16)7f7f3002948f1ec099555aa968bd8b8b097780603a38cc801fe965da0a69
Status: Downloaded newer image for ghcr.io/aquasecurity/trivy:0.37.1
---> c3e68408cd24
Step 2/5 : COPY entrypoint.sh /
---> 1f1da443ea86
Step 3/5 : RUN apk --no-cache add bash curl npm
---> Running in 647f7f479cac
fetch https://dl-cdn.alpinelinux.org/alpine/v3.[17](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:17)/main/x86_64/APKINDEX.tar.gz
48ABC73BEB7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:[18](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:18)89:
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
48ABC73BEB7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: Permission denied
ERROR: unable to select packages:
bash (no such package):
required by: world[bash]
curl (no such package):
required by: world[curl]
npm (no such package):
required by: world[npm]
The command '/bin/sh -c apk --no-cache add bash curl npm' returned a non-zero code: 3
Warning: Docker build failed with exit code 3, back off 6.807 seconds before retry.
It was expected to build the docker image and proceed with the github action workflow
Tried different flavors of image and nothing worked except for ubunut-latest
the plugin in question
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action#master
with:
image-ref: 'test:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

Error: elasticsearch has no deployed releases Error: plugin "2to3" exited with error

I am running helm3 2to3 convert --dry-run elasticsearch, but running into an issue. Any idea what could be the issue?
2021/08/18 15:52:41 NOTE: This is in dry-run mode, the following actions will not be executed.
2021/08/18 15:52:41 Run without --dry-run to take the actions described below:
2021/08/18 15:52:41
2021/08/18 15:52:41 Release "elasticsearch" will be converted from Helm v2 to Helm v3.
2021/08/18 15:52:41 [Helm 3] Release "elasticsearch" will be created.
Error: elasticsearch has no deployed releases
Error: plugin "2to3" exited with error

fluxcd not applying anything with err="running kubectl: error: unable to recognize \"STDIN\": ..."

I recently installed FluxCD 1.19.0 on an Azure AKS k8s cluster using fluxctl install. We use a private git (self hosted bitbucket) which Flux is able to reach and check out.
Now Flux is not applying anything with the error message:
ts=2020-06-10T09:07:42.7589883Z caller=loop.go:133 component=sync-loop event=refreshed url=ssh://git#bitbucket.some-private-server.com:7999/infra/k8s-gitops.git branch=master HEAD=7bb83d1753a814c510b1583da6867408a5f7e21b
ts=2020-06-10T09:09:00.631764Z caller=sync.go:73 component=daemon info="trying to sync git changes to the cluster" old=7bb83d1753a814c510b1583da6867408a5f7e21b new=7bb83d1753a814c510b1583da6867408a5f7e21b
ts=2020-06-10T09:09:01.6130559Z caller=sync.go:539 method=Sync cmd=apply args= count=3
ts=2020-06-10T09:09:20.2097034Z caller=sync.go:605 method=Sync cmd="kubectl apply -f -" took=18.5965923s err="running kubectl: error: unable to recognize \"STDIN\": an error on the server (\"\") has prevented the request from succeeding" output=
ts=2020-06-10T09:09:38.7432182Z caller=sync.go:605 method=Sync cmd="kubectl apply -f -" took=18.5334244s err="running kubectl: error: unable to recognize \"STDIN\": an error on the server (\"\") has prevented the request from succeeding" output=
ts=2020-06-10T09:09:57.277918Z caller=sync.go:605 method=Sync cmd="kubectl apply -f -" took=18.5346491s err="running kubectl: error: unable to recognize \"STDIN\": an error on the server (\"\") has prevented the request from succeeding" output=
ts=2020-06-10T09:09:57.2779965Z caller=sync.go:167 component=daemon err="<cluster>:namespace/dev: running kubectl: error: unable to recognize \"STDIN\": an error on the server (\"\") has prevented the request from succeeding; <cluster>:namespace/prod: running kubectl: error: unable to recognize \"STDIN\": an error on the server (\"\") has prevented the request from succeeding; dev:service/hello-world: running kubectl: error: unable to recognize \"STDIN\": an error on the server (\"\") has prevented the request from succeeding"
ts=2020-06-10T09:09:57.2879489Z caller=images.go:17 component=sync-loop msg="polling for new images for automated workloads"
ts=2020-06-10T09:09:57.3002208Z caller=images.go:27 component=sync-loop msg="no automated workloads"
From what I understand, Flux passes the resource definitions to kubectl, which then applies them?
The way I interpret the error would mean that kubectl isn't passed anything to. However I opened a shell in the container and made sure Flux was in fact checking something out - which it did.
I tried raising the verbosity to 9, but it didn't return anything that I deemed relevant (detailed outputs of the http requests and responses against the Kubernetes API).
So what is happening here?
The problem was with the version of kubectl used in the 1.19 flux release, so I fixed it by using a prerelease: https://hub.docker.com/r/fluxcd/flux-prerelease/tags

Helm - Can't install dependencies from private Github repository

I'm trying to install packages from a private repository I've deployed using chart-releases, but I'm not being able to do it.
Here is what I've done:
I've created a new private repository, added a sample chart to it and ran the following commands:
helm package charts/* --destination .deploy
cr upload -o odelucca -r helm-charts -p .deploy -t $MY_TOKEN
I've created the index.yaml with the following command:
cr index --config .cr.yaml -t $MY_TOKEN
# My .cr.yaml file:
# owner: odelucca
# git-repo: helm-charts
# package-path: .deploy
# index-path: index.yaml
# charts-repo: https://github.com/odelucca/helm-charts/
I've commit the index.yaml to the repo
I've added the remote helm repo with the following command:
helm repo add helm-charts https://raw.githubusercontent.com/odelucca/helm-charts/master --username $MY_EMAIL --password $MY_TOKEN
The repo was added, then I've added the following dependency to a local chart:
dependencies:
- name: serverless-common
version: 1.0.0
repository: "#helm-charts"
Now, I've tried to run the following:
helm dep update
I get the following errors:
Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: connect: connection refused
...Successfully got an update from the "helm-charts" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
Saving 1 charts
Downloading serverless-common from repo https://raw.githubusercontent.com/odelucca/helm-charts/master
Save error occurred: could not download https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz: Failed to fetch https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz : 404 Not Found
Deleting newly downloaded charts, restoring pre-update state
Error: could not download https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz: Failed to fetch https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz : 404 Not Found
Anyone can help me? I've tried a lot of different approaches, and none of them fix it
Have you tried editing the repository config file?
You should have something like this:
vim ${HOEM}/.config/helm/repositories.yaml
apiVersion: ""
generated: "0001-01-01T00:00:00Z"
repositories:
- caFile: ""
certFile: ""
insecure_skip_tls_verify: false
keyFile: ""
name: helm-charts
password: ""
url: "https://raw.githubusercontent.com/odelucca/helm-charts/master"
username: ""
Edit it and put your username and password to connect to your private registry.
For me, this works fine.
Maybe you also need to check your repo path.
You should be able to download with an URL like this:
${repository}/${name}-${version}.tgz

Golang dep unable to resolve dependencies

I am using kubebuilder to create kubernetes operator project. After running the project init command described in quickstart guide
kubebuilder init --domain k8s.io --license apache2 --owner "The Kubernetes Authors"
dep ensure returns with error log given below.
Solving failure: No versions of k8s.io/client-go met constraints:
v8.0.0: Could not introduce k8s.io/client-go#v8.0.0, as it is not allowed by constraints from the following projects:
kubernetes-1.10.1 from (root)
kubernetes-1.10.1 from sigs.k8s.io/controller-runtime#master
v7.0.0: Could not introduce k8s.io/client-go#v7.0.0, as it is not allowed by constraints from the following projects:
kubernetes-1.10.1 from (root)
kubernetes-1.10.1 from sigs.k8s.io/controller-runtime#master
v6.0.0: Could not introduce k8s.io/client-go#v6.0.0, as it is not allowed by constraints from the following projects:
kubernetes-1.10.1 from (root)
kubernetes-1.10.1 from sigs.k8s.io/controller-runtime#master
Try using the latest kubebuilder from here. It's likely that the dependencies for the version in the quick start are out of date.
It works fine for me with v1.0.3
~/go/src/github.com $ kubebuilder init --domain k8s.io --license apache2 --owner "The Kubernetes Authors"
Run `dep ensure` to fetch dependencies (Recommended) [y/n]?
y
dep ensure
Running make...
make
go generate ./pkg/... ./cmd/...
go fmt ./pkg/... ./cmd/...
go vet ./pkg/... ./cmd/...
go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go all
CRD manifests generated under '/root/go/src/github.com/config/crds'
RBAC manifests generated under '/root/go/src/github.com/config/rbac'
go test ./pkg/... ./cmd/... -coverprofile cover.out
? github.com/pkg/apis [no test files]
? github.com/pkg/controller [no test files]
ok github.com/pkg/errors 0.207s coverage: 100.0% of statements
? github.com/cmd/manager [no test files]
go build -o bin/manager github.com/cmd/manager
Next: Define a resource with:
$ kubebuilder create api