Use OCIRepository in HelmRelease

[emalihin]

Hello, I tried the new OCIRepository resource and it works great with private GCP Artifact Registry (Workload Identity auth) storing OCI Helm Charts.

However, I'm not able to use it with HelmRelease resources:
Unsupported value: "OCIRepository": supported values: "HelmRepository", "GitRepository", "Bucket"

Is this coming, or did I get it completely wrong and OCIRepository is not meant to be used with HelmRelease?

Thanks!

[emalihin]

This is somewhat related to this issue #867
HelmRepository with OCI config doesn't support IAM Auth, so i'm trying to use OCIRepository instead which does, but cannot figure out how to use it with HelmRelease

[yafanasiev]

As per fluxcd/flux2#3002 (comment), it seems like OCIRepository can't be used with HelmRelease. However, I was also hoping the auto-login functionality would work with HelmRepository as well.

[emalihin]

Good spot @yafanasiev! In this case it's important that HelmRepository with OCI config supports IAM auth, as not all Helm charts are/can be public.

[hiddeco]

The auto-login does not work for Helm at present because the Helm project makes use of ORAS, which unlike the library we use for OCIRepository objects lacks a component like authn to deal with automagic authentication towards registries.

@souleb is evaluating an adapter component this week to allow ORAS' credential callback to make use of authn. I expect more to be shared about this once he's done with this assessment.