-
Type:
New Feature
-
Status: Closed
-
Resolution: Duplicate
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Helm
-
Labels:None
-
Environment:
- Artifactory-ha helm chart 4.6.7 (Artifactory 7.12.6) running in a "shared services" network with Internet access.
- Client Kubernetes Cluster running in a "restricted" network (no Internet access)
- We are using flux/helm-repo, but I don't think that is relevant, other than to say that the "helm" commands are running from inside the cluster.
Artifactory-ha helm chart 4.6.7 (Artifactory 7.12.6) running in a "shared services" network with Internet access. Client Kubernetes Cluster running in a "restricted" network (no Internet access) We are using flux/helm-repo, but I don't think that is relevant, other than to say that the "helm" commands are running from inside the cluster.
Related to: RTFACT-19094
We have seen a trend since the "stable" helm repo was deprecated, where helm repos are hosting in gh-pages (github pages). So, they host the "index.yaml" for their help repo in gh-pages, and host the charts in github releases. The problem with this pattern is that the helm repo URL will be something like: https://prometheus-community.github.io/helm-charts but the helm charts will be sourced from github.com URLs, like: https://github.com/prometheus-community/helm-charts/releases/download/prometheus-stackdriver-exporter-1.7.0/prometheus-stackdriver-exporter-1.7.0.tgz
Steps to reproduce:
- Setup REMOTE helm repo prometheus-community-remote -> https://prometheus-community.github.io/helm-charts
- Setup VIRTUAL helm repo prometheus-community -> prometheus-community-remote
- Download the index.yaml (as the helm client would): curl localhost:8082/artifactory/prometheus-community/index.yaml
- NOTICE the "urls" section of each chart.
Some charts, which have been embedded into the gh-pages site (added to git), will appear in the artifactory helm repo, while some, which are using github-releases will still appear as their original public URL.
In our case, due to HIPAA and/or PCI regulations, our application servers do not have Internet access to be able to pull the helm charts. We are using Artifactory as the go-between, but it is not "fixing" these URLs to be local so they can be retrieved.
The feature I am looking for would allow me to setup a REMOTE "helm" repo for https://github.com/ and have the "virtual" helm repo code detect that and rewrite the "urls" to point to that repo under Artifactory, rather than ignoring them (leaving them as https://github.com/ URLs) as it does now.
To ensure safety, the VIRTUAL repo would have to have both the target (prometheus-community-remote), as well as the additional (github-remote) added to it so that rewrites did not occur unexpectedly.
- duplicates
-
RTFACT-24678 Support external dependencies in HELM
- Done