Cannot Deploy vCluster from the Platform Due to Possible Permissions Issue w/ Helm

Summary

The platform appears perfectly healthy and I can interact with it fine. Deploying a vCluster fails, even though I have been able to deploy fine with our custom image we used before trying this new IB image.

Steps to reproduce

• Log into WebUI
• Deploy a vcluster from the platform's webUI (specifically from a template)

What is the current bug behavior?

After deploying the vCluster this error is immediately presented in the web UI:

error installing / upgrading vcluster: error executing helm upgrade vcluster-zdppf vcluster --repo https://charts.loft.sh --version 0.24.1 --kubeconfig /tmp/2823203157 --namespace loft-default-v-vcluster-zdppf --install --values /tmp/3953645825: (exec: "helm": executable file not found in $PATH)

What is the expected correct behavior?

The vCluster can use Helm to deploy the vCluster as expected.

Relevant logs and/or screenshots

The platform pod logs show similar but more detailed steps:

2025-05-07 16:41:33	ERROR	agent-virtualcluster-instance-controller	virtualclusterinstance/reconcile.go:171	error during virtual cluster helm deploy	{"component": "loft", "object": {"name":"vcluster-zdppf","namespace":"loft-p-default"}, "reconcileID": "189a5a18-b7ec-4a6a-8bed-9fa6397c35aa", "virtualcluster": "vcluster-zdppf", "namespace": "loft-p-default", "error": "error installing / upgrading vcluster: error executing helm upgrade vcluster-zdppf vcluster --repo https://charts.loft.sh --version 0.24.1 --kubeconfig /tmp/562544783 --namespace loft-default-v-vcluster-zdppf --install --values /tmp/276680787:  (exec: \"helm\": executable file not found in $PATH)"}
2025-05-07 16:41:33	ERROR	agent-virtualcluster-sleepmode-controller	controller/controller.go:316	Reconciler error	{"component": "loft", "object": {"name":"vcluster-zdppf","namespace":"loft-p-default"}, "reconcileID": "c66b3736-d37f-4656-ac13-6e6d32ab47cc", "error": "virtualclusters.management.loft.sh \"vcluster-zdppf\" not found"}
2025-05-07 16:41:33	ERROR	agent-virtualcluster-sleepmode-controller	controller/controller.go:316	Reconciler error	{"component": "loft", "object": {"name":"vcluster-zdppf","namespace":"loft-p-default"}, "reconcileID": "f2514b94-6da3-4819-942e-5210ff0088c4", "error": "virtualclusters.management.loft.sh \"vcluster-zdppf\" not found"}
2025-05-07 16:41:33	INFO	virtual-cluster-instance-controller	patch/patch.go:225	Apply metadata/spec/status patch	{"component": "loft", "object": {"name":"vcluster-zdppf","namespace":"loft-p-default"}, "reconcileID": "93d11350-bd66-43dd-9cc6-1e16d195d6ac", "kind": "VirtualClusterInstance", "object": "loft-p-default/vcluster-zdppf", "patch": "{\"status\":{\"message\":\"error installing / upgrading vcluster: error executing helm upgrade vcluster-zdppf vcluster --repo https://charts.loft.sh --version 0.24.1 --kubeconfig /tmp/562544783 --namespace loft-default-v-vcluster-zdppf --install --values /tmp/276680787:  (exec: \\\"helm\\\": executable file not found in $PATH)\"}}"}
2025-05-07 16:41:33	ERROR	agent-virtualcluster-sleepmode-controller	controller/controller.go:316	Reconciler error	{"component": "loft", "object": {"name":"vcluster-zdppf","namespace":"loft-p-default"}, "reconcileID": "f27d55ad-a747-4004-8892-74b2dd184eb9", "error": "virtualclusters.management.loft.sh \"vcluster-zdppf\" not found"}
2025-05-07 16:41:33	ERROR	agent-virtualcluster-instance-controller	controller/controller.go:316	Reconciler error	{"component": "loft", "object": {"name":"vcluster-zdppf","namespace":"loft-p-default"}, "reconcileID": "189a5a18-b7ec-4a6a-8bed-9fa6397c35aa", "error": "error installing / upgrading vcluster: error executing helm upgrade vcluster-zdppf vcluster --repo https://charts.loft.sh --version 0.24.1 --kubeconfig /tmp/562544783 --namespace loft-default-v-vcluster-zdppf --install --values /tmp/276680787:  (exec: \"helm\": executable file not found in $PATH)"}

Possible fixes

I see that the dockerfile sets the permissions for all binaries under /usr/local/bin/ for the root user. I assume this is intentional, but I'm not sure how the vcluster user is supposed to use the binaries in there like helm.

I would expect that if only Helm is fixed that permission issues with other binaries would appear, but I can't see them now.

Tasks

• Bug has been identified and corrected within the container

Please read the Iron Bank Documentation for more info