[SOLVED] helm pull or install: unable to retrieve credentials

helm pull or install: unable to retrieve credentials

When I try to install or pull the Bitnami postgres helm chart, I consistently get an error:

helm pull --debug oci://registry-1.docker.io/bitnamicharts/postgresql

Error: GET "https://registry-1.docker.io/v2/bitnamicharts/postgresql/tags/list": unable to retrieve credentials

helm.go:86: 2025-01-03 12:00:09.845663145 -0500 EST m=+1.353337835 

[debug] GET "https://registry-1.docker.io/v2/bitnamicharts/postgresql/tags/list": unable to retrieve credentials

I have successfully logged into docker using my PAT:

# docker login registry-1.docker.io
Username: pgardella
Password:
Login Succeeded

as well as helm registry login:

# helm registry login registry-1.docker.io
Username: pgardella
Password:
Login Succeeded

I can successfully install other charts, but all of them do not use the oci based registries. Testing with the tomcat bitnami chart, I get the same issue, and it uses the oci based registry as well.

I've reviewed a similar issue here, but it talks about not having a ~/.docker/config.json file. I tried replacing both the ~/.docker/config.json file, and the ~/.config/helm/registry/config.json with the provided basically blank config.json file. Same error.

Finally, this is a helm pull or helm install, not a helm push. And the repos are public.

Other details:

helm version: version.BuildInfo{Version:"v3.16.3", GitCommit:"cfd07493f46efc9debd9cc1b02a0961186df7fdf", GitTreeState:"clean", GoVersion:"go1.22.7"}

kubectl version:

Client Version: v1.32.0
Kustomize Version: v5.5.0
Server Version: v1.31.4+k3s1

Cloud Provider/Platform (AKS, GKE, Minikube etc.): k3s

Server details: Ubuntu 24.04.1 LTS on amd64

tail ~/.config/helm/registry/config.json:

{
        "auths": {
                "https://index.docker.io/v1/": {},
                "https://registry-1.docker.io/v1/": {}
        },
        "credsStore": "pass"
}

tail ~/.docker/config.json:

        "auths": {
                "https://index.docker.io/v1/": {},
                "https://index.docker.io/v1/access-token": {},
                "https://index.docker.io/v1/refresh-token": {},
                "registry-1.docker.io": {}
        },
        "credsStore": "pass",
        "currentContext": "default"
}

Solution

Aha!

I tried this again from my workstation desktop environment, and come to find out that helm was displaying a window to ask for my credentials to access the credentials store.

Since I was logged in via ssh, I never got a window popup.

I'll continue with my bug opened for helm #13594.