Charting Helm Hub Through Artifactory
A great many Helm charts dot the landscape of the internet, and it can be hard to know about them all or their whereabouts. To help solve that, Helm created Helm Hub to provide a central catalog of the growing number of public Helm chart repositories.
Browsing the awesome Helm Hub UI, you can see how easy it is to find lots of great Kubernetes-ready apps. Through your browser, you can search for the publicly available charts you need.
With such a large and growing set of listings, wouldn’t it be great if your build automation tools could use Helm Hub as the single central location to pull Helm charts for your entire organization? But that’s not easy to do; you can’t access Helm Hub through the Helm CLI.
To remedy this, we created the Helm-hub-sync tool for the Helm community. This utility helps you create and maintain a virtual Helm chart repository in JFrog Artifactory that can be that single source of truth.
Helm Chart Best Practice
Artifactory supports Helm-compatible repositories. These can be local repos for charts that are private to your organization, or remote repositories that proxy a public Helm repo.
The Helm-hub-sync tool runs in a K8s cluster and retrieves the list of repos from Helm Hub. It automatically creates remote repositories in Artifactory to proxy each of Helm Hub’s listed repos, and also creates a virtual repository in Artifactory that includes them all.
You can then pull any Helm chart that is listed by Helm Hub from the single URL of the virtual helmhub repository in Artifactory. As a bonus, you’ll also gain the faster retrieval speed of pulling the chart from the proxy in Artifactory.
Installing Helm-hub-sync
The JFrog public Helm chart repository provides the fastest and most reliable way for installing Helm-hub-sync to a Kubernetes cluster.
Before You Start
To install Helm-hub-sync to a K8s cluster, you’ll need to make sure to have these prerequisite conditions:
- A Kubernetes cluster with RBAC enabled
- Helm installed with
helm init
or Tillerless Helm way - Artifactory or Artifactory HA installed, and user which can add/edit/delete virtual and remote Helm repositories
Step 1: Add the Helm Chart Repository
Using the helm repo add command of the Helm client, add the JFrog public Helm chart repository.
$ helm repo add jfrog https://charts.jfrog.io
$ helm repo update
Step 2: Define Helm Chart Overrides
To configure Helm-hub-sync the best practices is to use an override-values.yaml
file:
env:
artifactory:
url: "https://artifactory.mydomain.com/artifactory"
authData: "user:user_api_key"
The example override-values.yaml
file above sets Artifactory URL to be connected to and credentials of the user.
Note: Replace mydomain.com with your domain, also replace user and user_api_key with actual values.
Step 3: Install Helm-hub-sync
Now you are ready to install Helm-hub-sync through the Helm chart:
$ helm upgrade --install helm-hub-sync --namespace helm-hub-sync jfrog/helm-hub-sync -f override-values.yaml
Release "helm-hub-sync" does not exist. Installing it now.
NAME: helm-hub-sync
NAMESPACE: helm-hub-sync
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
helm-hub-sync 8 2s
==> v1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
helm-hub-sync 0/1 1 0 2s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
helm-hub-sync-6d8bfbffcb-b8ttb 0/1 ContainerCreating 0 2s
==> v1/Secret
NAME TYPE DATA AGE
helm-hub-sync Opaque 1 3s
==> v1/ServiceAccount
NAME SECRETS AGE
helm-hub-sync 1 2s
You can check the Helm-hub-sync application by running:
kubectl get pods --namespace helm-hub-sync
Step 4: Set central Helm repository
With Helm-hub-sync installed into your Kubernetes cluster, you can set your Helm client to use helmhub repository as your single central location to consume charts from.
$ helm repo add helmhub https://artifactory.mydomain.com/artifactory/helmhub/ --username user --password user_api_key
$ helm repo update
Note: Replace mydomain.com with your domain, also replace admin and admin_password with actual values.
Verifying Your Helm Repo
Once Helm-hub-sync is installed, you can verify that the virtual helmhub repository and its remote repositories were created in Artifactory:
- Open Artifactory in your browser and display the list of virtual repositories. For example: https://artifactory.mydomain.com/artifactory/webapp/#/admin/repositories/virtual
- You should see helmhub listed among your virtual repositories, with a large number of included repositories. To see that list, click on helmhub, then scroll down to Included repositories.
You should see a long list of Helm repositories that have been added as remote repositories.
Using the Virtual Helm Repository
The helmhub virtual repository can be accessed through its URL just like any other Artifactory repository. You can access any of the charts held in any of the remote repositories as if they were all held in a single helmhub repository.
For example, you can use the Helm CLI to find charts, as in this search for “artifactory” in helmhub:
$ helm search helmhub/artifactory
NAME CHART VERSION APP VERSION DESCRIPTION
helmhub/artifactory 7.16.11 6.11.6 Universal Repository Manager supporting all major packagi...
helmhub/artifactory-ha 0.15.14 6.11.6 Universal Repository Manager supporting all major packagi...
Take note that the remote repository where the chart is actually held is not identified. That’s the way Artifactory’s virtual repositories work — they masquerade as a single repo for your convenience.
This benefit can be a problem, however, if there are charts with the same names in different remote repositories. In this case, only the chart with the highest version number will be shown.
To see all charts of the same name from all remote repositories, specify -l flag. This will force the Helm CLI to show the long listing, with each version of the chart:
$ helm search helmhub/chart-name -l
It’s also worth noting that the stable charts repository is excluded from the helmhub virtual repository. We’ve chosen to do that because Helm Hub is expected to replace stable as the common public repository, and Helm v3 beta no longer adds the stable repo by default. The charts that stable contains are increasingly likely to be duplicated in other repos.
If you want to access stable repo charts through an Artifactory helm remote repository, you must add it manually. If you choose, you can also add that remote repo to the helmhub virtual repository.
Charting the Next Course
Once you’ve installed Helm-hub-sync and started it running, Artifactory is ready to serve Helm charts from any of the public repositories that are listed on Helm Hub. Through a virtual repository Artifactory instantly becomes your system’s single source of truth.
Of course Helm Hub is a living catalog and new repositories are added all the time. That’s why Helm-hub-sync will continue to monitor Helm Hub and update the helmhub repository in Artifactory as new Helm chart repos appear.
You can also use local Helm repositories in Artifactory to store the Helm charts for your organization’s private K8s apps. This helps you create a comprehensive Kubernetes registry where all the components of your application are fully traceable through a central artifact manager.
If you choose, you can even combine those local Helm repositories and the helmhub virtual repository into another virtual repository. This provides you with a single URL for access to both private and public Helm chart repos.
As the geography of Helm and Kubernetes grows wider, it gets harder to navigate. With the Helm-hub-sync tool, Artifactory becomes an even speedier way to cruise through.