Source controller resource for AWS ECR helm registry

[PeteMac88]

We are currently managing our charts in AWS ECR buckets. We used the helm-ecr to support fetching the chart with the old helm-operator. Is HelmRepository already supporting ECR as a chart source? Is there an example how to use AWS ECR with flux v2?

[gcameo]

Also basic-auth with a self hosted chartmuseum using username and password doesn't work
This is what I used and it says 401 authentication failed.... There is an option to provide a Kubernetes secret but no example on how to do it

flux create source helm mychart \
  --url=http://myserver:8080 \
  --username=my-username \
  --password=mypassword \
  --export > helmrepo-mychart.yaml

[gcameo]

The 16th minute in this video explains how to do it with Kubernetes secrets.

https://www.youtube.com/watch?v=UhV8kYcb9Mc&list=PLY2oANmfP-tnO8RGvEU5hDJHZdqxSoTeN&index=5

[PeteMac88]

Thanks for the effort but that is not matching our use case. In our case we use AWS ECR as a helm chart registry. I dont find any example which kind of resource for the source controller I need to use to define this as a chart source. The Bucket CRD is the closest to this but its not working for me.

[PeteMac88]

Anyone who can help here?

[phillebaba]

I just updated the docs to try cover these types of questions.
https://toolkit.fluxcd.io/guides/helmreleases/#cloud-storage

Supporting ECR is a bit tricky as OCI Helm Charts is an experimental feature. Your best option would be to look at an alternative to Chartmuseum that can use ECR as a repository backend. It does not seem like they are planning on supporting OCI storage backends, but things may have changed since last year.
helm/chartmuseum#237 (comment)

[lebenitza]

The OCI Standard gains more and more popularity. All the Docker Registry OCI implementations released by different cloud provider are marked as stable.

Helm support for working with charts uploaded in OCI registries is indeed experimental, as they seem to have started to implement this rather late and there are still things to be done to have functionality on par with current helm chart repositories (like chartmuseum). Nonetheless, someone could implement the interaction with OCI registry outside of helm, fetch/pull the charts through the OCIs simple API and work with them locally with helm. In this way it doesn't matter what is the support of this in helm as it should work with an already fetched chart.

More here: helm/helm#8259 helm/helm#8843 and the other issue in this repo #124

Personally, I am looking forward for this OCI docker registry integration as it will simplify a lot of flows, pipelines, infrastructure and security in the environments I work with.

[hiddeco]

This should all be tracked in #124.