Bitnami repo site returns "Access Denied"

[mkesper]

What steps will reproduce the bug?

Open https://charts.bitnami.com/bitnami in browser.
It returns "Access Denied"

What do you see instead?

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>4551C0K8QEHDNSZF</RequestId>
<HostId>
+Fwm691GGYgS1HXJwZlXTi53MyjNazKHOvlUUHfodce77osvW7AHl4YgKUF8XMozPf3JJhhm5d8=
</HostId>
</Error>

[carrodher]

Please note this URL is not accessible using a web browser. The only accessible URL is https://charts.bitnami.com/ where a static HTLM is shown. The idea of https://charts.bitnami.com/bitnami is to be used with the Helm CLI

[mkesper]

Thanks for clarifying this! :)
FYI the underlying issue was an update of Nexus repo manager which ran into a limitation of the newer versions of the snakeyaml library.
FasterXML jackson issue
Nexus Repomanager issue, promised to be fixed in 3.44.

[ali-idrizi]

Not sure if related, but when running helm repo add bitnami https://charts.bitnami.com/bitnami I am getting:

Error: looks like "https://charts.bitnami.com/bitnami" is not a valid chart repository or cannot be reached: Get "https://charts.bitnami.com/bitnami/index.yaml": dial tcp: lookup charts.bitnami.com on 172.31.32.1:53: no such host

Both locally and on GitHub Actions.

[hmphu]

Same here

❯ helm repo add bitnami https://charts.bitnami.com/bitnami
Error: looks like "https://charts.bitnami.com/bitnami" is not a valid chart repository or cannot be reached: Get "https://charts.bitnami.com/bitnami/index.yaml": dial tcp: lookup charts.bitnami.com on 8.8.4.4:53: no such host

[ferd]

It appears DNS config is busted or resolves to nothing usable.

dig charts.bitnami.com @8.8.8.8

; <<>> DiG 9.10.6 <<>> charts.bitnami.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33437
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;charts.bitnami.com.            IN      A

;; ANSWER SECTION:
charts.bitnami.com.     10209   IN      CNAME   d1xe8nqhpmcyfh.cloudfront.net.

;; AUTHORITY SECTION:
d1xe8nqhpmcyfh.cloudfront.net. 45 IN    SOA     ns-781.awsdns-33.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

[hmphu]

Looks like it is working again on my local , but not my EKS cluster. I think we need to wait sometimes until DNS fixed

❯ dig charts.bitnami.com @8.8.8.8

; <<>> DiG 9.10.6 <<>> charts.bitnami.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;charts.bitnami.com.		IN	A

;; AUTHORITY SECTION:
bitnami.com.		349	IN	SOA	ns-830.awsdns-39.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 87 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Nov 02 22:34:09 +07 2022
;; MSG SIZE  rcvd: 128

❯ dig charts.bitnami.com @1.1.1.1

; <<>> DiG 9.10.6 <<>> charts.bitnami.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38665
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;charts.bitnami.com.		IN	A

;; ANSWER SECTION:
charts.bitnami.com.	9217	IN	CNAME	d1xe8nqhpmcyfh.cloudfront.net.

;; AUTHORITY SECTION:
d1xe8nqhpmcyfh.cloudfront.net. 60 IN	SOA	ns-781.awsdns-33.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 117 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Nov 02 22:34:24 +07 2022
;; MSG SIZE  rcvd: 168

[carrodher]

Thanks for reporting this issue. It was a problem in the CloudFront distribution that we used for the Charts repository.

The problem is that terraform recreated the CloudFront collection, creating a new DNS endpoint that needed to replicate globally. A small number of DNS are still resolving the old CloudFront collection name, but for the most part, the issue should be fixed shortly.

[cberg-aot]

Problem persists when running helm dependency update.

[cberg-aot]

Problem persists. 403 Forbidden.

[cberg-aot]

PROBLEM STILL PERSISTS. UPDATE?

[vvp1983]

Problem still persist

[carrodher]

There are users reporting issues accessing the index.yaml from Russian IPs, see #30438. In this comment I explain that there were not any changes on our side as well as providing some workarounds.

[lungershausm]

The problem still exists from Germany too

[carrodher]

It seems there are issues with CloudFlare, which is used under the hood to serve the charts; see #31257.

That said, just so you know, this method of consuming Bitnami Helm charts is neither the default nor the recommended approach. We strongly encourage consuming Bitnami Helm charts as OCI artifacts. For more information, please refer to #30110.