Bug 1912907

Summary: Helm chart repository index can contain unresolvable relative URL's
Product: OpenShift Container Platform Reporter: Bram Verschueren <bverschu>
Component: Dev ConsoleAssignee: Bram Verschueren <bverschu>
Status: CLOSED ERRATA QA Contact: Pavel Macik <pmacik>
Severity: high Docs Contact: Harsh Mishra <hmishra>
Priority: high    
Version: 4.6CC: aballant, ajose, aos-bugs, bmakam, kayras.elavia, nmukherj, rabdulra, rdey, shsaxena
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, the chart URL for downloading the chart to instantiate a helm release was unreachable. This happened because the `index.yaml` file from the remote repository, referenced in the Helm chart repository, was fetched and used as is. Some of these index files contained relative chart URLs. This issue has now been fixed by translating relative chart URLs to absolute URLs, which makes the chart URL reachable.
 Story Points: ---
Clone Of:
: 1916406 (view as bug list) Environment:
Last Closed: 2021-02-24 15:49:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1916406    

Description Bram Verschueren 2021-01-05 15:04:50 UTC 
Description of problem:

The HelmchartRepositories resource proxies a repositories' index.yaml file as-is. Some Helm repositories (e.g. Nexus3) generate index files containing relative chart URL's. These relative URL's - without base uri - are unreachable while instantiating helm charts.

Version-Release number of selected component (if applicable): 4.6


How reproducible:

prerequisite: OCP4 (v4.6) cluster and OC (Client Version: 4.6.8) + helm (Version:"v3.4.2") client available

Steps to Reproduce:
1. setup a nexus3:
~~~
$ helm repo add sonatype https://sonatype.github.io/helm3-charts/
$ helm install my-nexus-repository-manager sonatype/nexus-repository-manager --version 29.0.1 --set persistence.enabled=false --set nexus.securityContext=""
$ oc expose svc my-nexus-repository-manager
~~~ 
2. create helm repo:
~~~
$ curl -u admin:$(oc exec deployment/my-nexus-repository-manager -- cat /nexus-data/admin.password) -X POST "$(oc get route my-nexus-repository-manager  -o jsonpath='{.spec.host}')/service/rest/v1/repositories/helm/hosted" -H  "accept: application/json" -H  "Content-Type: application/json" -d "{  \"name\": \"helmtest\",  \"online\": true,  \"storage\": {    \"blobStoreName\": \"default\",    \"strictContentTypeValidation\": true,    \"writePolicy\": \"allow_once\"  },  \"cleanup\": {    \"policyNames\": [      \"string\"    ]  }}"
~~~
3. upload content:
~~~
$ curl https://charts.mirantis.com/charts/nginx-0.1.0.tgz -o nginx-0.1.0.tgz
$ curl -u admin:$(oc exec deployment/my-nexus-repository-manager -- cat /nexus-data/admin.password) "$(oc get route my-nexus-repository-manager  -o jsonpath='{.spec.host}')/repository/helmtest/" --upload-file nginx-0.1.0.tgz -v
~~~
4. create helmchartrepository:
~~~
$ cat <<EOF| oc apply -f -
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
  name: nexus
spec:
  connectionConfig:
    url: "http://$(oc get routes.route.openshift.io  my-nexus-repository-manager -o jsonpath='{.spec.host}')/repository/helmtest"
EOF
~~~
5. login to developer console and try to install the helm chart
[Developer Console] -> Add -> Helm Chart -> Nginx v0.1.0

Actual results:

While trying to install a release from the Helm chart in the Dashboard, the following error is shown:
~~~
Danger alert:Helm Chart cannot be installed
The Helm Chart is currently unavailable. Error: Failed to retrieve chart: failed to download "nginx-0.1.0.tgz" (hint: running `helm repo update` may help)
~~~
Expected results:

Helm chart installed

Additional info:
Comment 3 Pavel Macik 2021-01-29 13:58:07 UTC 
Verified with:
* OCP: v4.7.0-0.nightly-2021-01-29-002304
* OC: v4.6.8
* helm: v3.4.2
Comment 8 errata-xmlrpc 2021-02-24 15:49:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633
Comment 9 Kayras 2021-08-03 20:05:13 UTC 
The issue seems unresolved, I still see the below on version 4.7.19.

Helm Chart cannot be installed
The Helm Chart is currently unavailable. Error: Failed to retrieve chart: failed to download "https://XXXXXX-registry-pilot-v4-uk.repo.com:18443/repository/public_repo_helm/jbosseap73_openjdk8-0.4.0.tgz" (hint: running `helm repo update` may help)

root@server DEV # oc version
Client Version: 4.7.19
Server Version: 4.7.19
Kubernetes Version: v1.20.0+87cc9a4