Helm Chart Repository Guide
Artifact Keeper provides a Helm chart repository for hosting and distributing Kubernetes application packages.
Endpoint
Helm operations use the /helm endpoint:
http://localhost:8080/helmConfiguration
Add Helm Repository
Add Artifact Keeper as a Helm chart repository:
helm repo add artifact-keeper http://localhost:8080/helmWith authentication:
helm repo add artifact-keeper http://localhost:8080/helm \ --username your-username \ --password your-passwordUpdate Repository Index
Fetch the latest chart information:
helm repo updateList Repositories
View configured repositories:
helm repo listPublishing Charts
Create a Helm Chart
Generate a new chart:
helm create my-chartThis creates a chart structure:
my-chart/├── Chart.yaml├── values.yaml├── templates/│ ├── deployment.yaml│ ├── service.yaml│ └── _helpers.tpl└── charts/Chart.yaml
Define chart metadata in Chart.yaml:
apiVersion: v2name: my-chartdescription: A Helm chart for Kubernetestype: applicationversion: 0.1.0appVersion: "1.0.0"
keywords: - application - kubernetes
maintainers: - name: Your Name email: you@example.com
home: https://github.com/yourusername/my-chartsources: - https://github.com/yourusername/my-chart
dependencies: - name: postgresql version: "12.1.0" repository: https://charts.bitnami.com/bitnami condition: postgresql.enabledPackage Chart
Create a chart archive:
helm package my-chartThis creates my-chart-0.1.0.tgz.
Publish Chart
Push the chart to Artifact Keeper using the Helm OCI or HTTP protocol:
Option 1: Using helm-push Plugin
Install the helm-push plugin:
helm plugin install https://github.com/chartmuseum/helm-pushPush the chart:
helm cm-push my-chart-0.1.0.tgz artifact-keeperOr push directly from directory:
helm cm-push my-chart/ artifact-keeperOption 2: Using curl
curl -u username:password \ --data-binary "@my-chart-0.1.0.tgz" \ http://localhost:8080/helm/api/chartsOption 3: OCI Registry (if supported)
# Login to OCI registryhelm registry login localhost:8080 -u username
# Package and pushhelm push my-chart-0.1.0.tgz oci://localhost:8080/helmInstalling Charts
Search for Charts
Search the repository:
helm search repo artifact-keeperhelm search repo artifact-keeper/my-chartShow chart details:
helm show chart artifact-keeper/my-charthelm show values artifact-keeper/my-charthelm show all artifact-keeper/my-chartInstall Chart
Install a chart from Artifact Keeper:
helm install my-release artifact-keeper/my-chartInstall specific version:
helm install my-release artifact-keeper/my-chart --version 0.1.0Install with custom values:
helm install my-release artifact-keeper/my-chart \ --set service.type=LoadBalancer \ --set replicaCount=3Or use a values file:
helm install my-release artifact-keeper/my-chart -f custom-values.yamlInstall to Specific Namespace
helm install my-release artifact-keeper/my-chart \ --namespace my-namespace \ --create-namespaceManaging Releases
List Installed Charts
helm listhelm list --namespace my-namespacehelm list --all-namespacesUpgrade Release
helm upgrade my-release artifact-keeper/my-chartUpgrade to specific version:
helm upgrade my-release artifact-keeper/my-chart --version 0.2.0Rollback Release
helm rollback my-releasehelm rollback my-release 1 # Rollback to specific revisionUninstall Release
helm uninstall my-releasehelm uninstall my-release --namespace my-namespaceChart Versioning
Semantic Versioning
Follow semantic versioning in Chart.yaml:
version: 1.2.3# Major.Minor.PatchVersion Constraints
In chart dependencies:
dependencies: - name: redis version: "~6.2.0" # >= 6.2.0, < 6.3.0 repository: http://localhost:8080/helm
- name: postgresql version: "^12.0.0" # >= 12.0.0, < 13.0.0 repository: http://localhost:8080/helmApp Version
Track application version separately:
version: 1.0.0 # Chart versionappVersion: "2.5.1" # Application versionChart Dependencies
Define Dependencies
In Chart.yaml:
dependencies: - name: redis version: "17.0.0" repository: http://localhost:8080/helm condition: redis.enabled
- name: postgresql version: "12.1.0" repository: http://localhost:8080/helm condition: postgresql.enabled tags: - databaseDownload Dependencies
helm dependency update my-chartThis downloads dependencies to charts/ directory.
List Dependencies
helm dependency list my-chartChart Repository Index
The repository index is automatically maintained at /helm/index.yaml.
View Index
curl http://localhost:8080/helm/index.yamlExample index.yaml:
apiVersion: v1entries: my-chart: - name: my-chart version: 0.1.0 description: A Helm chart for Kubernetes created: "2024-01-15T10:00:00Z" digest: sha256:abc123... urls: - http://localhost:8080/helm/charts/my-chart-0.1.0.tgz - name: my-chart version: 0.2.0 description: A Helm chart for Kubernetes created: "2024-01-20T10:00:00Z" digest: sha256:def456... urls: - http://localhost:8080/helm/charts/my-chart-0.2.0.tgzIntegration with CI/CD
GitHub Actions
name: Package and Publish Helm Charton: push: tags: - 'v*'
jobs: publish: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
- name: Install Helm uses: azure/setup-helm@v3 with: version: '3.13.0'
- name: Package chart run: | helm package charts/my-chart --version ${{ github.ref_name }}
- name: Install helm-push plugin run: | helm plugin install https://github.com/chartmuseum/helm-push
- name: Add Helm repository run: | helm repo add artifact-keeper http://registry.example.com/helm \ --username ${{ secrets.HELM_USER }} \ --password ${{ secrets.HELM_PASSWORD }}
- name: Push chart run: | helm cm-push my-chart-*.tgz artifact-keeperGitLab CI
publish-chart: image: alpine/helm:latest stage: deploy script: - helm plugin install https://github.com/chartmuseum/helm-push - helm repo add artifact-keeper $HELM_REPO_URL --username $HELM_USER --password $HELM_PASSWORD - helm package charts/my-chart - helm cm-push my-chart-*.tgz artifact-keeper only: - tagsJenkins Pipeline
pipeline { agent any
tools { helm 'Helm 3.13' }
stages { stage('Package and Publish') { steps { sh ''' helm plugin install https://github.com/chartmuseum/helm-push helm repo add artifact-keeper ${HELM_REPO_URL} \ --username ${HELM_USER} \ --password ${HELM_PASSWORD} helm package charts/my-chart helm cm-push my-chart-*.tgz artifact-keeper ''' } } }}Testing Charts
Lint Chart
Validate chart syntax and structure:
helm lint my-chartTemplate Rendering
Preview rendered Kubernetes manifests:
helm template my-release my-chartWith custom values:
helm template my-release my-chart -f custom-values.yamlDry Run Installation
Test installation without deploying:
helm install my-release artifact-keeper/my-chart --dry-run --debugChart Testing
Use chart-testing tool:
# Install ctbrew install chart-testing
# Lint and testct lint --charts charts/my-chartct install --charts charts/my-chartAdvanced Features
Provenance and Integrity
Sign charts with GPG:
# Package and signhelm package my-chart --sign --key 'Your Name' --keyring ~/.gnupg/secring.gpg
# Verify signaturehelm verify my-chart-0.1.0.tgzChart Hooks
Define lifecycle hooks in templates:
apiVersion: batch/v1kind: Jobmetadata: name: "{{ .Release.Name }}-setup" annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeededspec: template: spec: containers: - name: setup image: busybox command: ["sh", "-c", "echo Setting up..."] restartPolicy: NeverChart Library
Create reusable chart libraries:
apiVersion: v2name: commontype: libraryversion: 1.0.0Use in other charts:
dependencies: - name: common version: "1.0.0" repository: http://localhost:8080/helmTroubleshooting
Repository Not Found
Update repository index:
helm repo updateVerify repository URL:
helm repo listAuthentication Errors
Re-add repository with credentials:
helm repo remove artifact-keeperhelm repo add artifact-keeper http://localhost:8080/helm \ --username your-username \ --password your-passwordChart Installation Failures
Enable debug output:
helm install my-release artifact-keeper/my-chart --debugCheck Kubernetes events:
kubectl get events --namespace my-namespaceVersion Conflicts
List available versions:
helm search repo artifact-keeper/my-chart --versionsInstall specific version:
helm install my-release artifact-keeper/my-chart --version 0.1.0Best Practices
Chart Structure
my-chart/├── Chart.yaml # Chart metadata├── values.yaml # Default values├── values.schema.json # JSON schema for validation├── README.md # Chart documentation├── templates/│ ├── NOTES.txt # Post-install notes│ ├── _helpers.tpl # Template helpers│ ├── deployment.yaml│ ├── service.yaml│ ├── ingress.yaml│ └── tests/│ └── test-connection.yaml└── .helmignore # Ignore patternsValues.yaml
Provide sensible defaults:
replicaCount: 1
image: repository: nginx pullPolicy: IfNotPresent tag: "1.21"
service: type: ClusterIP port: 80
ingress: enabled: false className: "" annotations: {} hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific
resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128MiDocumentation
Include NOTES.txt for post-install instructions:
Thank you for installing {{ .Chart.Name }}.
Your release is named {{ .Release.Name }}.
To learn more about the release, try:
$ helm status {{ .Release.Name }} $ helm get all {{ .Release.Name }}
To access the application:
{{- if .Values.ingress.enabled }} http://{{ index .Values.ingress.hosts 0 "host" }}{{- else }} kubectl port-forward service/{{ include "my-chart.fullname" . }} 8080:{{ .Values.service.port }}{{- end }}See Also
- Security Scanning - Automatic vulnerability scanning for container images in Helm charts
- Security Policies - Configure policies to block vulnerable charts
- Docker Guide - Container image management for Helm chart dependencies