helm: support HTTP repository authentication

[chtiouiha]

SUMMARY

I cannot use the helm module to deploy charts from a private repo. The helm CLI has command line flags for username and password.
I tested with inline http authentication in the chart_repo_url but it doesn't work, helm cli doesn't allow this.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

ADDITIONAL INFORMATION

[Akasurde]

@chtiouiha Could you please provide the example for this? I remember username and password in helm module was not added due to security reason.

[Akasurde]

@chtiouiha Can you please try this?

[Akasurde]

@chtiouiha You can install Helm chart from private helm repo as -

---
- hosts: localhost
  vars:
    helm_chart_url: "https://localhost:8443/charts"
  tasks:
    - name: Add helm repo
      community.kubernetes.helm_repository:
        name: centos
        repo_url: "{{ helm_chart_url }}"
        repo_username: admin
        repo_password: admin

    - name: Add Helm Chart
      community.kubernetes.helm:
        name: test
        chart_ref: mychart
        state: present
        release_namespace: default

After running -

# ansible-playbook repo.yml -v
PLAY [localhost] ******************************************************************************

TASK [Gathering Facts] ************************************************************************
ok: [localhost]

TASK [Add helm repo] **************************************************************************
changed: [localhost] => {"changed": true, "command": "/usr/local/bin/helm repo add --insecure-skip-tls-verify centos https://localhost:8443/charts --username=****** --password=******", "stderr": "", "stderr_lines": [], "stdout": "\"centos\" has been added to your repositories\n", "stdout_lines": ["\"centos\" has been added to your repositories"]}
TASK [Add Helm Chart] *************************************************************************
changed: [localhost] => {"changed": true, "command": "/usr/local/bin/helm --namespace=default upgrade -i --reset-values test mychart", "status": {"app_version": "1.16.0", "chart": "mychart-0.1.0", "name": "test", "namespace": "default", "revision": "1", "status": "deployed", "updated": "2020-08-26 19:57:46.64032 +0530 IST", "values": {}}, "stderr": "", "stderr_lines": [], "stdout": "Release \"test\" does not exist. Installing it now.\nNAME: test\nLAST DEPLOYED: Wed Aug 26 19:57:46 2020\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nNOTES:\n1. Get the application URL by running these commands:\n  export POD_NAME=$(kubectl get pods --namespace default -l \"app.kubernetes.io/name=mychart,app.kubernetes.io/instance=test\" -o jsonpath=\"{.items[0].metadata.name}\")\n  echo \"Visit http://127.0.0.1:8080 to use your application\"\n  kubectl --namespace default port-forward $POD_NAME 8080:80\n", "stdout_lines": ["Release \"test\" does not exist. Installing it now.", "NAME: test", "LAST DEPLOYED: Wed Aug 26 19:57:46 2020", "NAMESPACE: default", "STATUS: deployed", "REVISION: 1", "NOTES:", "1. Get the application URL by running these commands:", "  export POD_NAME=$(kubectl get pods --namespace default -l \"app.kubernetes.io/name=mychart,app.kubernetes.io/instance=test\" -o jsonpath=\"{.items[0].metadata.name}\")", "  echo \"Visit http://127.0.0.1:8080 to use your application\"", "  kubectl --namespace default port-forward $POD_NAME 8080:80"]}

PLAY RECAP ************************************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0



# helm repo list
NAME  	URL
stable	https://kubernetes-charts.storage.googleapis.com/
centos	https://localhost:8443/charts

# kubectl get pods test-mychart-b5cd6d7c8-whm56
NAME                           READY   STATUS    RESTARTS   AGE
test-mychart-b5cd6d7c8-whm56   1/1     Running   0          48s

Let me know if you need anything from myside. Thanks.

[Akasurde]

@chtiouiha Any news?

[Akasurde]

I will close this for now as there is no news from the reporter. Please feel free to open a new issue.