Bug 1912907 - Helm chart repository index can contain unresolvable relative URL's
Summary: Helm chart repository index can contain unresolvable relative URL's
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.7.0
Assignee: Bram Verschueren
QA Contact: Pavel Macik
Harsh Mishra
URL:
Whiteboard:
Depends On:
Blocks: 1916406
TreeView+ depends on / blocked
 
Reported: 2021-01-05 15:04 UTC by Bram Verschueren
Modified: 2021-08-31 07:17 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, the chart URL for downloading the chart to instantiate a helm release was unreachable. This happened because the `index.yaml` file from the remote repository, referenced in the Helm chart repository, was fetched and used as is. Some of these index files contained relative chart URLs. This issue has now been fixed by translating relative chart URLs to absolute URLs, which makes the chart URL reachable.
Clone Of:
: 1916406 (view as bug list)
Environment:
Last Closed: 2021-02-24 15:49:43 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 7711 0 None closed Bug 1912907: Helm chart repository index can contain unresolvable relative URL's 2021-02-17 08:39:50 UTC
Red Hat Knowledge Base (Solution) 5682321 0 None None None 2021-01-05 15:04:49 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:50:10 UTC

Description Bram Verschueren 2021-01-05 15:04:50 UTC 
Description of problem:

The HelmchartRepositories resource proxies a repositories' index.yaml file as-is. Some Helm repositories (e.g. Nexus3) generate index files containing relative chart URL's. These relative URL's - without base uri - are unreachable while instantiating helm charts.

Version-Release number of selected component (if applicable): 4.6


How reproducible:

prerequisite: OCP4 (v4.6) cluster and OC (Client Version: 4.6.8) + helm (Version:"v3.4.2") client available

Steps to Reproduce:
1. setup a nexus3:
~~~
$ helm repo add sonatype https://sonatype.github.io/helm3-charts/
$ helm install my-nexus-repository-manager sonatype/nexus-repository-manager --version 29.0.1 --set persistence.enabled=false --set nexus.securityContext=""
$ oc expose svc my-nexus-repository-manager
~~~ 
2. create helm repo:
~~~
$ curl -u admin:$(oc exec deployment/my-nexus-repository-manager -- cat /nexus-data/admin.password) -X POST "$(oc get route my-nexus-repository-manager  -o jsonpath='{.spec.host}')/service/rest/v1/repositories/helm/hosted" -H  "accept: application/json" -H  "Content-Type: application/json" -d "{  \"name\": \"helmtest\",  \"online\": true,  \"storage\": {    \"blobStoreName\": \"default\",    \"strictContentTypeValidation\": true,    \"writePolicy\": \"allow_once\"  },  \"cleanup\": {    \"policyNames\": [      \"string\"    ]  }}"
~~~
3. upload content:
~~~
$ curl https://charts.mirantis.com/charts/nginx-0.1.0.tgz -o nginx-0.1.0.tgz
$ curl -u admin:$(oc exec deployment/my-nexus-repository-manager -- cat /nexus-data/admin.password) "$(oc get route my-nexus-repository-manager  -o jsonpath='{.spec.host}')/repository/helmtest/" --upload-file nginx-0.1.0.tgz -v
~~~
4. create helmchartrepository:
~~~
$ cat <<EOF| oc apply -f -
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
  name: nexus
spec:
  connectionConfig:
    url: "http://$(oc get routes.route.openshift.io  my-nexus-repository-manager -o jsonpath='{.spec.host}')/repository/helmtest"
EOF
~~~
5. login to developer console and try to install the helm chart
[Developer Console] -> Add -> Helm Chart -> Nginx v0.1.0

Actual results:

While trying to install a release from the Helm chart in the Dashboard, the following error is shown:
~~~
Danger alert:Helm Chart cannot be installed
The Helm Chart is currently unavailable. Error: Failed to retrieve chart: failed to download "nginx-0.1.0.tgz" (hint: running `helm repo update` may help)
~~~
Expected results:

Helm chart installed

Additional info:
Comment 3 Pavel Macik 2021-01-29 13:58:07 UTC 
Verified with:
* OCP: v4.7.0-0.nightly-2021-01-29-002304
* OC: v4.6.8
* helm: v3.4.2
Comment 8 errata-xmlrpc 2021-02-24 15:49:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633
Comment 9 Kayras 2021-08-03 20:05:13 UTC 
The issue seems unresolved, I still see the below on version 4.7.19.

Helm Chart cannot be installed
The Helm Chart is currently unavailable. Error: Failed to retrieve chart: failed to download "https://XXXXXX-registry-pilot-v4-uk.repo.com:18443/repository/public_repo_helm/jbosseap73_openjdk8-0.4.0.tgz" (hint: running `helm repo update` may help)

root@server DEV # oc version
Client Version: 4.7.19
Server Version: 4.7.19
Kubernetes Version: v1.20.0+87cc9a4
Note You need to log in before you can comment on or make changes to this bug.