OCPBUGS-44235: Fix Helm chart installation with CA/TLS certificates

martinszuc · martinszuc · commit d83db263f772 · 2025-10-14T22:06:37.000+02:00
Console uses Kubernetes CRDs to manage Helm repositories, not Helm's repository cache. Setting chartPathOptions.RepoURL forced Helm to look for a cache that doesn't exist in the console pod's read-only filesystem. Remove RepoURL assignments and use direct URL downloads with CaFile, CertFile, and KeyFile for authentication. Fixes https://issues.redhat.com/browse/OCPBUGS-44235 Signed-off-by: Martin Szuc <mszuc@redhat.com>
diff --git a/pkg/helm/actions/auth.go b/pkg/helm/actions/auth.go
@@ -19,7 +19,6 @@ func setUpAuthentication(chartPathOptions *action.ChartPathOptions, connectionCo
 	tlsFiles := []*os.File{}
 	//set up tls cert and key
 	if connectionConfig.TLSClientConfig != (configv1.SecretNameReference{}) {
-		chartPathOptions.RepoURL = connectionConfig.URL
 		tlsKeyFile, tlsCertFile, err := setupTlsCertFile(connectionConfig.TLSClientConfig.Name, configNamespace, coreClient)
 		if err != nil {
 			return nil, err
@@ -31,7 +30,6 @@ func setUpAuthentication(chartPathOptions *action.ChartPathOptions, connectionCo
 	}
 	//set up ca certificate
 	if connectionConfig.CA != (configv1.ConfigMapNameReference{}) {
-		chartPathOptions.RepoURL = connectionConfig.URL
 		caFile, err := setupCaCertFile(connectionConfig.CA.Name, configNamespace, coreClient)
 		if err != nil {
 			return nil, err
@@ -47,7 +45,6 @@ func setUpAuthenticationProject(chartPathOptions *action.ChartPathOptions, conne
 	var secretNamespace string
 	//set up tls cert and key
 	if connectionConfig.TLSClientConfig != (configv1.SecretNameReference{}) {
-		chartPathOptions.RepoURL = connectionConfig.URL
 		tlsKeyFile, tlsCertFile, err := setupTlsCertFile(connectionConfig.TLSClientConfig.Name, namespace, coreClient)
 		if err != nil {
 			return nil, err
@@ -77,7 +74,6 @@ func setUpAuthenticationProject(chartPathOptions *action.ChartPathOptions, conne
 	}
 	//set up ca certificate
 	if connectionConfig.CA != (configv1.ConfigMapNameReference{}) {
-		chartPathOptions.RepoURL = connectionConfig.URL
 		caFile, err := setupCaCertFile(connectionConfig.CA.Name, namespace, coreClient)
 		if err != nil {
 			return nil, err
diff --git a/pkg/helm/actions/get_chart.go b/pkg/helm/actions/get_chart.go
@@ -45,11 +45,7 @@ func GetChart(url string, conf *action.Configuration, repositoryNamespace string
 		}
 	}
 
-	if len(tlsFiles) == 0 {
-		chartLocation = url
-	} else {
-		chartLocation = chartInfo.Name
-	}
+	chartLocation = url
 
 	cmd.ChartPathOptions.Version = chartInfo.Version
 	chartPath, err = cmd.ChartPathOptions.LocateChart(chartLocation, settings)
diff --git a/pkg/helm/actions/install_chart.go b/pkg/helm/actions/install_chart.go
@@ -68,11 +68,7 @@ func InstallChart(ns, name, url string, vals map[string]interface{}, conf *actio
 		}
 	}
 	cmd.ReleaseName = name
-	if len(tlsFiles) == 0 {
-		chartLocation = url
-	} else {
-		chartLocation = chartInfo.Name
-	}
+	chartLocation = url
 
 	cmd.ChartPathOptions.Version = chartInfo.Version
 	cp, err = cmd.ChartPathOptions.LocateChart(chartLocation, settings)
@@ -150,11 +146,7 @@ func InstallChartAsync(ns, name, url string, vals map[string]interface{}, conf *
 		}
 	}
 	cmd.ReleaseName = name
-	if len(tlsFiles) == 0 {
-		chartLocation = url
-	} else {
-		chartLocation = chartInfo.Name
-	}
+	chartLocation = url
 	cmd.ChartPathOptions.Version = chartInfo.Version
 	cp, err = cmd.ChartPathOptions.LocateChart(chartLocation, settings)
 	if err != nil {
diff --git a/pkg/helm/actions/upgrade_release.go b/pkg/helm/actions/upgrade_release.go
@@ -84,11 +84,7 @@ func UpgradeRelease(
 				return nil, fmt.Errorf("error setting up authentication: %v", err)
 			}
 		}
-		if len(tlsFiles) == 0 {
-			chartLocation = chartUrl
-		} else {
-			chartLocation = chartInfo.Name
-		}
+		chartLocation = chartUrl
 		client.ChartPathOptions.Version = chartInfo.Version
 		cp, err = client.ChartPathOptions.LocateChart(chartLocation, settings)
 		if err != nil {
@@ -199,11 +195,7 @@ func UpgradeReleaseAsync(
 				return nil, fmt.Errorf("error setting up authentication: %v", err)
 			}
 		}
-		if len(tlsFiles) == 0 {
-			chartLocation = chartUrl
-		} else {
-			chartLocation = chartInfo.Name
-		}
+		chartLocation = chartUrl
 		client.ChartPathOptions.Version = chartInfo.Version
 		cp, err = client.ChartPathOptions.LocateChart(chartLocation, settings)
 		if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -45,11 +45,7 @@ func GetChart(url string, conf *action.Configuration, repositoryNamespace string`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`
`48`		`- if len(tlsFiles) == 0 {`
`49`		`- chartLocation = url`
`50`		`- } else {`
`51`		`- chartLocation = chartInfo.Name`
`52`		`- }`
	`48`	`+ chartLocation = url`
`53`	`49`
`54`	`50`	`cmd.ChartPathOptions.Version = chartInfo.Version`
`55`	`51`	`chartPath, err = cmd.ChartPathOptions.LocateChart(chartLocation, settings)`
Original file line number	Diff line number	Diff line change
`@@ -68,11 +68,7 @@ func InstallChart(ns, name, url string, vals map[string]interface{}, conf *actio`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`	`cmd.ReleaseName = name`
`71`		`- if len(tlsFiles) == 0 {`
`72`		`- chartLocation = url`
`73`		`- } else {`
`74`		`- chartLocation = chartInfo.Name`
`75`		`- }`
	`71`	`+ chartLocation = url`
`76`	`72`
`77`	`73`	`cmd.ChartPathOptions.Version = chartInfo.Version`
`78`	`74`	`cp, err = cmd.ChartPathOptions.LocateChart(chartLocation, settings)`
`@@ -150,11 +146,7 @@ func InstallChartAsync(ns, name, url string, vals map[string]interface{}, conf *`
`150`	`146`	`}`
`151`	`147`	`}`
`152`	`148`	`cmd.ReleaseName = name`
`153`		`- if len(tlsFiles) == 0 {`
`154`		`- chartLocation = url`
`155`		`- } else {`
`156`		`- chartLocation = chartInfo.Name`
`157`		`- }`
	`149`	`+ chartLocation = url`
`158`	`150`	`cmd.ChartPathOptions.Version = chartInfo.Version`
`159`	`151`	`cp, err = cmd.ChartPathOptions.LocateChart(chartLocation, settings)`
`160`	`152`	`if err != nil {`