Skip to content

Automating SUSE Application Collection's App Deployment with Rancher API HelmChart Object

Article Number: 000022051

Environment

Rancher, RKE2, SUSE Application Collection,Helm, OCI chart repository

Situation

When attempting to automate the deployment of SUSE Application Collection products using the Rancher API object "HelmChart," the deployment fails. The user has configured the Repository Suse App Collection with a Suse service account and is trying to use a HelmChart YAML file to deploy applications. The initial attempt with the oci// scheme fails, indicating that the scheme is not supported. 

Error: looks like "oci://dp.apps.rancher.io/charts" is not a valid chart repository or cannot be reached: failed to perform "FetchReference" on source: invalid reference

Switching to https results in a 401 Unauthorized error. 

Error: looks like "https://dp.apps.rancher.io/charts" is not a valid chart repository or cannot be reached: failed to fetch https://dp.apps.rancher.io/charts/index.yaml : 401 Unauthorized

Cause

The primary cause of the issue is the incorrect configuration of the HelmChart YAML file for deploying applications from the SUSE Application Collection.

Resolution

Adding the proper parameters for the OCI chart and secrets resolved the issue.

  1. Configure the OCI chart repository directly in the HelmChart YAML file as specified in the example application(redis).
  2. Create a single docker registry secret in the kube-system namespace for pulling the Helm chart.
  3. Create a secret in each application namespace for pulling specific images from the app collection.

Note: Both secrets dockerRegistrySecret and imagePullSecrets are docker registry secrets

Here is an example application(redis) YAML configuration:

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: redis
  namespace: kube-system
spec:
  chart: oci://dp.apps.rancher.io/charts/redis
  version: 2.3.0
  targetNamespace: appnamespace
  dockerRegistrySecret:
    name: helm-oci-registry
  valuesContent: |-
    global:
      imagePullSecrets:
        - name: application-collection
    persistence:
      enabled: false