Setting up a private Helm chart repository on GitHub
Helm is a vital part of the current software development landscape. Helm chart is an integral part of the application and it is very important to keep it close to the source code. Versioning of Helm charts allows us to have chart changes deployed at the same time as our app changes and to have different versions of charts on different environments.
While Helm official guides list GitHub Pages as a way of creating a Helm repository, it does not explain how to do it without it being accessible to everyone. For most organisations having a public chart repository is not an option.
What’s not described, is that there is an automated way of publishing such a chart to a GitHub repository. Manual process of packaging a chart, indexing a repository and pushing changes sounds very cumbersome. In this article we tackle both of these issues.
At KMD we have developed a way to set up a private GitHub repository that is both secure and easily accessible as a helm repository. We also have developed Gradle and Node open source plugins that publish charts in an automated way to do the heavy lifting for you :)
Creating and accessing a private GitHub helm chart repository
Creating a private Helm chart repository via GitHub is just as simple as creating a new regular private repo.
Accessing it can be done via raw GitHub files and authorized with Personal Access Tokens. Follow the GitHub guide to create one. Remember to save it securely and not to share it anywhere.
With that out of the way, we can now access the file:
https://github.com/organisation/repository/blob/main/README.mdwith a curl command:
curl https://${PERSONAL_ACCESS_TOKEN}@raw.githubusercontent.com/organisation/repository/main/README.mdIn this way it is both secure and easy to add an url as a Helm repo.
Publishing helm chart to a repository
As mentioned earlier, we have developed open source and free to use Gradle and Node plugins to publish charts in a consistent and automated way. Detailed documentation can be found in their respective readmes.
To use one of them:
- add it as a dependency of your project,
basic Gradle example:
plugins {
id 'dk.kmd.helm.chart.publish'
}- add the Helm chart to your project structure,
.
├── src
├── helm
│ └── your-app-name
│ ├── templates
│ ├── values.yaml
│ └── Chart.yaml
└── ...- add a publish step to your build process,
basic Gradle project example that publishes chart in gradle project.version version:
$ ./gradlew publishHelmChart
-PgitChartRepo.url=https://github.com/organisation/repository
-PgitChartRepo.username=${GITUSERNAME}
-PgitChartRepo.password=${GITPASSWORD}- voila!
Now your chart should be stored and versioned in a remote GitHub Helm chart repository.
Registering new chart repository with Helm
To access charts published in the previous step, we can now register initialized helm repository using helm repo add command.
helm repo add YOUR_REPO_NAME https://${PERSONAL_ACCESS_TOKEN}@raw.githubusercontent.com/organisation/repository/mainTo make sure it was properly added, run helm repo list. It should list your new remote repositories there. To check charts that are published to this new repo run:
helm search -r "YOUR_REPO_NAME/"This should list all charts versioned in a the newly setup repository.
Accessing newly published chart
After all these steps, we are ready to install a published chart. To do that run helm install.
helm install YOUR_REPO_NAME/YOUR_CHART_NAME🥳 Yay! We’ve made it! Your Helm chart has gone through the whole workflow, from your project, through a Helm repository, all the way to your cluster.
At KMD we’ve used this solution for more than a year now and we’re happy with the results. Charts live close to the source code so it’s harder to forget to change the chart definition while developing a project. Changes are versioned and match the project version, so every chart definition change is deployed to the cluster at the same time as the corresponding docker image.
Have fun using our solution!
