Specify proxy for helm repository in terraform for azure china

Question

I am trying to deploy a helm chart via terraform to Azure Kubernetes Service in China. The problem is that I cannot pull images from k8s.gcr.io/ingress-nginx. I need to specify a proxy as described in https://github.com/Azure/container-service-for-azure-china/blob/master/aks/README.md#22-container-registry-proxy but I don't know how to do this via terraform. In west europe my resource simply looks like

resource "helm_release" "nginx_ingress" {
  name      = "ingress-nginx"
  chart     = "ingress-nginx"
  repository = "https://kubernetes.github.io/ingress-nginx"
  namespace = kubernetes_namespace.nginx_ingress.metadata[0].name

  set {
    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-resource-group"
    value = azurerm_public_ip.nginx_ingress_pip.resource_group_name
  }

  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.nginx_ingress_pip.ip_address
  }
}

How do I get the proxy settings in there? Any help is greatly appreciated.

Please correct me if I'm wrong but assuming that the communication between the terraform and your `AKS` cluster is not limited and you have access to this repository (docker pull), I do think you'll only need to change the repository of the image you are downloading from by overriding the image field of deployment in the terraform file. Have you tried to override the `image` part? — Dawid Kruk, Mar 11 '21 at 11:20
@DawidKruk, you are completely right. Please see my own answer below where I perform such an override. I was on the wrong track with the proxy... — Mark, Mar 12 '21 at 10:47

Jaime S · Answer 1 · 2021-03-11T09:05:04.800

0

AFIK, Helm provider for terraform does not support proxy settings yet. There is a pull request being discussed under this thread: https://github.com/hashicorp/terraform-provider-helm/issues/552

Until this feature is implemented you may consider other temporary workarounds like make a copy of the chart on your terraform repo and reference it from the helm provider.

edited Mar 11 '21 at 09:05

answered Mar 11 '21 at 07:46

Jaime S

1,488
1
16
31

score 0 · Accepted Answer · answered Mar 11 '21 at 14:55

Turns out I had some problems figuring out how to modify the helm chart in the correct way plus the solution was not exactly a proxy configuration but to directly use a different repository for the image pull. This works:

resource "helm_release" "nginx_ingress" {
  name      = "ingress-nginx"
  chart     = "ingress-nginx"
  repository = "https://kubernetes.github.io/ingress-nginx"
  namespace = kubernetes_namespace.nginx_ingress.metadata[0].name

  set {
    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-resource-group"
    value = azurerm_public_ip.nginx_ingress_pip.resource_group_name
  }

  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.nginx_ingress_pip.ip_address
  }

  set {
    name = "controller.image.repository"
    value = "k8sgcr.azk8s.cn/ingress-nginx/controller"
  }
}

Thank you anyways for your input!

Specify proxy for helm repository in terraform for azure china

2 Answers2