Skip to content

Registry login error with helm OCI private dependencies ca-file flag being added unnecessarily  #11100

New issue
New issue
Closed
#11540
Closed
Registry login error with helm OCI private dependencies ca-file flag being added unnecessarily #11100
#11540
Assignees
alexef
Labels
bugSomething isn't working
@timgriffiths

Description

@timgriffiths
timgriffiths
opened on Oct 28, 2022

Checklist:

  • [ X] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • [ X] I've included steps to reproduce the bug.
  • [X ] I've pasted the output of argocd version.

Describe the bug

I am trying to connect to a Harbor helm repository which is self-hosted and has a self-signed certificate.

for the self-signed certificate, I add the pem to the argocd-tls-certs-cm config map

For public repo's this is fine everything works ok, but for private projects, I believe I need to create a repository definition in argo and this is where I hit problems (otherwise i get unauthorised errors as expected)

argo-cd/util/helm/cmd.go

Line 93 in 45fc484

args = append(args, "--ca-file", creds.CAPath)
it looks like just an oversight as helm does not support this flag for registry login's https://helm.sh/docs/helm/helm_registry_login/

To Reproduce

For simplicity did this all within a running argo server pod

First, add the harbor self-signed cert to the argocd-tls-certs-cm config map

argocd@argocd-server-5d7f4656b-mtwbh:~$ argocd repo add registry.magic.com --name private-repo --enable-oci --type helm --username user --password magic
FATA[0000] rpc error: code = Unknown desc = error testing repository connectivity: `helm registry login registry.magic.com --username ****** --password ****** --ca-file /app/config/tls/registry.magic.com` failed exit status 1: Error: unknown flag: --ca-file

If i run the same helm command in the pod, minus the --ca-file flag it works fine

I have also tried running the repo add command with --insecure-skip-server-verification but it has the same result. ... If I remove my certificate from argocd-tls-certs-cm config map I get a bunch of certificate issues when trying to pull in the charts when they are set up as dependent charts

Expected behavior

Argo is able to add a private oci repo from Harbor

Version

argocd: v2.4.8+844f79e
  BuildDate: 2022-07-29T17:01:39Z
  GitCommit: 844f79eb9d8f3ab96d4ce6f8df211c6093a660ba
  GitTreeState: clean
  GoVersion: go1.18.4
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.4.8+844f79e
  BuildDate: 2022-07-29T17:01:39Z
  GitCommit: 844f79eb9d8f3ab96d4ce6f8df211c6093a660ba
  GitTreeState: clean
  GoVersion: go1.18.4
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v4.4.1 2021-11-11T23:36:27Z
  Helm Version: v3.8.1+g5cb9af4
  Kubectl Version: v0.23.1
  Jsonnet Version: v0.18.0

I am not sure if I will hit any issues raised in #8563 but this is my main stumbling block

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions