helm: Error: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached

Hello, I am running into some issues with TLS attempting to add the default stable repo. I am on OSX 10.13.5 (17F77) and below is the summary of my issue:

$ rm -Rf ~/.helm
$ /usr/local/bin/helm init --client-only
Creating /Users/XXX/.helm 
Creating /Users/XXX/.helm/repository 
Creating /Users/XXX/.helm/repository/cache 
Creating /Users/XXX/.helm/repository/local 
Creating /Users/XXX/.helm/plugins 
Creating /Users/XXX/.helm/starters 
Creating /Users/XXX/.helm/cache/archive 
Creating /Users/XXX/.helm/repository/repositories.yaml 
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
Error: Looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: net/http: TLS handshake timeout

It appears as though the TLS handshake to the kubernetes-charts.storage.googleapis.com host is failing…

Output of helm version:

$ helm version --client
Client: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}

$ shasum -a 256 /usr/local/bin/helm
bee3146de8b0cf940e74c9b1e7d3e23a1ffd8f7c4b8aad59c3e5a5152d7b818b  /usr/local/bin/helm

Output of kubectl version:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Cloud Provider/Platform (AKS, GKE, Minikube etc.):

Docker4Mac
Version 18.05.0-ce-mac67 (25042)
Channel: edge
0c7f1aa2fa
Kubernetes: v1.10.3

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 35 (9 by maintainers)

Most upvoted comments

Note to others that run into this problem. I have had this problem just this morning. The root cause is that certs are not installed in ubuntu:bionic by default.

apt-get install -y ca-certificates

Within the docker build got me moving.

Cheers -steve

+5
sdake on Feb 13, 2019

Exists for me as well, on Mac Os X

+4
sedkis on Jan 24, 2020

it is bug of helm-install pod it adds the name from host /etc/resolv.conf file to all FQDN adresses

search example.com

result DNS query: kubernetes-charts.storage.googleapis.com.example.com

just comment ‘search’ string in /etc/resolv.conf on hosts in kubernetes cluster

I spent about 30 hours on this bug please fix helm-install pod

+4
Krelion on Nov 13, 2018

I am using MacOSX Catalina 10.15.3 and still facing the problems. So, I’ve replaced the stable repo with a mirror repository.

Delete the original stable repo:

$ helm repo remove stable

Add Mirror repo:

helm repo add stable https://charts.ost.ai
+2
maateen on May 19, 2020

The following link really helped me to solve this problem, wish it can help the coming guys:

@VonC gave full explanation and @phiphu has the direct solution in the following link: https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c

+1
huide9 on Aug 13, 2020

There are several reasons this can happen

  1. you have a proxy in your network. In this case, docker has instructions on using a proxy.
  2. general network problems. these can be debugged with curl -v https://address. DNS may not be resolving, or if it is, that address may be blackholed - meaning blocked by your outgoing network.
  3. and the more likely scenario, is if running ubuntu bionic, the ca-certs are not present by default in the image. I am not sure why the ca certs are not installed by default - they are even installed in the distroless container produced by google and necessary for anything hhtp(S) related to work.

For windows, I am not sure what the problem would be, other than that ca certs are not present on the host.

For mac, ca certs are installed by default.

Cheers -steve

+1
sdake on Apr 6, 2020

I also faced the same issue with helm version 2.9.1

Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com Error: Looks like “https://kubernetes-charts.storage.googleapis.com” is not a valid chart repository or cannot be reached: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: proxyconnect tcp: EOF

The solution mentioned in #4271 worked for me.

+1
tibwiz on Mar 14, 2019

@thedarkfalcon double check and confirm you dont have an abundance of “broken” or “self-signed” ssl certs in your Keychain.app… I think the issue crops up when you have more than ~150 self-signed certs locally. I had this issue and I cleaned up a ton of development certs I had created and the issue went away.

+1
diclophis on Jul 18, 2018
Read more comments on GitHub
← helm: Error: INSTALLATION FAILED: failed to download
helm: Error: no available release name found →