Azure-cli: az acr helm repo login

Created on 6 May 2020 · 16 Comments · Source: Azure/azure-cli

Is your feature request related to a problem? Please describe.
I would love an option to use my currently-configured azure service principal to authenticate to ACR for helm without having to manually pipe/handle/enter credentials.

Describe the solution you'd like
I'd love the command `az acr helm repo login`.

Describe alternatives you've considered

  • Manual input, when at my terminal (doesn't work for CI/CD)
  • Environment variables

Both options require me to extract and flow permanent credentials.

Additional context
It would greatly simplify the advice found here.

Container Registry Service Attention customer-reported
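
One way to get the flow requested above with existing commands, as an added example that is not part of the original issue or of azure-cli: exchange the current `az login` session for a short-lived ACR access token and hand it to Helm 3 over stdin. The function name `acr_helm_login` and the `.azurecr.io` login-server suffix (public Azure cloud) are assumptions.

```sh
#!/bin/sh
# Added example, not azure-cli code. Logs Helm 3 in to an ACR OCI registry
# using a short-lived token derived from the current `az login` session,
# so no permanent credential has to be extracted, stored or passed around.
set -eu

# Placeholder username ACR documents for access-token logins.
ACR_TOKEN_USER="00000000-0000-0000-0000-000000000000"

# Hypothetical helper: acr_helm_login <registry-name>
# Prints the login server on success; returns 2 on bad input, 1 on no token.
acr_helm_login() {
    registry="${1:?usage: acr_helm_login <registry-name>}"

    # ACR names are 5-50 alphanumeric characters; reject anything else
    # before it reaches az or helm.
    case "$registry" in
        *[!A-Za-z0-9]*) echo "invalid registry name" >&2; return 2 ;;
    esac
    if [ "${#registry}" -lt 5 ] || [ "${#registry}" -gt 50 ]; then
        echo "invalid registry name" >&2
        return 2
    fi

    # Assumption: public Azure cloud login-server suffix.
    login_server="${registry}.azurecr.io"

    # --expose-token returns a token instead of calling the docker client.
    token="$(az acr login --name "$registry" --expose-token \
                 --query accessToken --output tsv)"
    if [ -z "$token" ]; then
        echo "no access token returned; is 'az login' current?" >&2
        return 1
    fi

    # Needed by Helm releases before 3.8; ignored by later ones.
    export HELM_EXPERIMENTAL_OCI=1

    # The token travels over stdin, so it never shows up in argv,
    # shell history or CI job logs.
    printf '%s' "$token" |
        helm registry login "$login_server" \
            --username "$ACR_TOKEN_USER" --password-stdin >/dev/null
    echo "$login_server"
}

# Called only when a registry name is given on the command line.
if [ "$#" -gt 0 ]; then acr_helm_login "$@"; fi
```

The token is short-lived, so a CI job should call the function at the start of each run rather than caching the result.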


All 16 comments

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @yugangw-MSFT, @toddysm.

acr

It is already supported, but for helm 2. Are you using helm3?

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-helm-repos#add-repository-to-helm-client

Yes I'm using helm 3.

Following up on this one, would really love to have the Azure CLI able to take care of this based on the currently authenticated user.

Please note: What I'm asking for is not in relation to repositories, but to the new OCI registries in helm 3.

Yes, we can have the command to take a helm3 command line and drive the authentication flow. Let us discuss with the team and update here

@yugangw-msft any update on this? helm2 is essentially deprecated, looking for azure supported authentication flow with helm3.

@tommy-dunn - Agreed, would be nice if azure CLI could help us out here.

@yugangw-msft If we have a plan, let's update the thread.

@shizhMSFT @sajayantony, does it make sense that we expose az acr helm login and underneath we can invoke helm3's login command to set all up? If yes, does helm3 accept other credentials on top of the service principal? The other concern, minor, is we have already marked the whole "az acr helm" folder as deprecated as it was for helm2, so we might need to start from somewhere else like "az acr helm3 login"

@yugangw-msft using `az acr helm repo add -n myregistry` works, `helm repo add https://myrepo.azurecr.io/helm/v1` does not. So we are dependent on az cli to log in and to renew the access token. Is there a timeline for logging in with helm natively? Using OCI type helm charts is not feasible, since the implementation is missing a lot of features.

@ArgTang, two questions
1. On renewing access tokens, did you log in az cli using user account? If yes, that means az cli will need to drive helm3 command
2. Are you looking at helm3 or helm2? I thought you were on helm3, but not so sure any more per your comment of using OCI type helm charts is not feasible

Yes, using user account.

We are using helm3. We tried using OCI, but there are currently too many restrictions for us to use it. With the deprecation of the az acr helm commands and the docs that steer users towards using OCI, I just need to voice the need for the current helm workflow until the OCI implementation becomes more feature complete.

@SteveLasker + @bridgetkromhout

ArgTang, can you help us understand the gaps you need filled?

@SteveLasker When I tested OCI charts there were two blockers.

  1. `helm (upgrade --)install myocirelease acrrepo/ocichart` is not implemented. This is a user experience issue because it is a major workflow change, but more importantly it is not compatible with tools like argocd and fluxcd.
  2. OCI charts as a dependency is missing from helm. Any non-trivial chart has one or more dependencies, so we are unable to migrate from non-OCI charts.

    ```yaml
    apiVersion: v2
    name: mychart
    version: 1.0.0
    dependencies:
      - name: ocichart
        version: 1.0.0
        repository: acrrepo.azure.io/myocichartdependency
    ```

I know it is being worked on and will be available in the future. But in my opinion without these features ready, it is somewhat premature to steer everyone towards using OCI charts and deprecating/removing the old workflow. Although I am talking about core Helm features, it has an impact on how to consume helm charts from the acr registry. I hope that helps.
