This topic describes how to create a Helm Repository. This is required before pushing and pulling Helm packages. There are three primary types of repositories:
Local repositories: Where you store and share 1st and 2nd party packages with your organization
Remote repositories: Enable you to download from any remote location including external package registries or other Artifactory instances
Virtual repositories: Enable aggregating remote and local repositories enabling your organization to scale by providing a single URL that provides access to multiple repositories and types
For more information on JFrog repositories, see Repository Management Overview.
Prerequisite: You need Admin or Project Admin permissions to create a Helm repository. If you don't have Admin permissions, the option will not be available.
To create a Helm repository:
In the Administration tab, click Repositories | Create a Repository
Select the repository type you want to create, configure the required fields (described in the following list), then click Create Repository.
For example, if you limit the Patterns Allow List to github.com, the external dependencies will be cached in the "helm" remote repository, and only charts from https://github.com/prometheus-community/helm-charts/ are allowed to be cached.
For Local Repositories, in the Repository Key field, type a meaningful name for the repository. For example, Helm-local-repository-1. For more information on local repositories and all their possible settings, see Local Repositories.
For Remote Repositories, additionally, verify the Repository URL and update if needed. For more information on Remote Repositories and all their possible settings, see Remote Repositories.
Helm charts often rely on external dependencies listed in the index.yaml file. These dependencies can have their own dependencies, which means you might not see the complete list of required charts when downloading. This lack of visibility increases the risk of unknowingly downloading malicious components from untrusted sources.
Note
For information about working with single-base and multi-base URL repositories, see How to set up a Virtual Helm Repository in Artifactory.
To manage this risk, and maintain the best practice of consuming external charts through Artifactory, you may specify a "safe" Allow List of sources from which dependencies may be downloaded and cached in Artifactory, and have the dependencies rewritten so that the Helm client accesses them through a remote repository, as follows:
Select the Enable Dependency Rewrite checkbox in the Helm Chart remote repository advanced section.
Specify an Allow List pattern of external resources from which dependencies may be downloaded.
The fields under External Dependency Rewrite are connected to automatically rewriting external dependencies for Helm Charts that require them.
Field | Description
Enable Dependency Rewrite | When selected, external dependencies are rewritten.
Patterns Allow List | An Allow List of Ant-style path expressions that specify where external dependencies may be downloaded from. By default, this is set to **, which means that dependencies may be downloaded from any external source. For example, if you limit the Patterns Allow List to https://github.com/**, the external dependencies will be cached in the "helm" remote repository, and only charts with a URL starting with https://github.com/ will be allowed to be cached.
For Virtual Repositories, additionally select one or more local or remote repository types to include in the virtual repository. For more information on virtual repositories and all their possible settings, see Virtual Repositories.
Note
When using virtual Helm repositories, Artifactory does not support using YUM or DNF commands that use the updateinfo.xml metadata file.
Click Create Repository. The repository is created, and the Repositories window is displayed.
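To preview what a Patterns Allow List would admit before saving it, the following added example (not JFrog code) checks the chart URLs found in an index.yaml against Ant-style patterns such as the default ** and https://github.com/**. The matcher is an approximation of Ant-style matching and not Artifactory's own implementation; SAMPLE_INDEX, ant_to_regex, chart_urls and audit are names and data constructed for this illustration.

```python
import re

# Constructed sample of a chart index.yaml; every URL below is made up for this example.
SAMPLE_INDEX = """\
apiVersion: v1
entries:
  demo:
  - name: demo
    version: 1.0.0
    urls:
    - https://github.com/prometheus-community/helm-charts/releases/download/demo-1.0.0/demo-1.0.0.tgz
  metrics:
  - name: metrics
    version: 2.0.0
    urls:
    - https://charts.example.net/metrics-2.0.0.tgz
  lookalike:
  - name: lookalike
    version: 0.1.0
    urls:
    - https://github.com.example.org/x/lookalike-0.1.0.tgz
"""

# Assumed Ant-style semantics: "**/" = zero or more directories, "**" = anything,
# "*" = any run of characters inside one path segment, "?" = one character.
TOKENS = [("**/", r"(?:.*/)?"), ("**", r".*"), ("*", r"[^/]*"), ("?", r"[^/]")]

def ant_to_regex(pattern):
    """Translate an Ant-style path expression into a compiled regex (approximation)."""
    out, i = [], 0
    while i < len(pattern):
        for token, regex in TOKENS:
            if pattern.startswith(token, i):
                out.append(regex)
                i += len(token)
                break
        else:  # no wildcard at this position: match the character literally
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def chart_urls(index_text):
    """Collect every http(s) URL that appears in the index.yaml text."""
    return re.findall(r"https?://\S+", index_text)

def audit(index_text, allow_list):
    """Split the index's URLs into (allowed, blocked) for the given allow list."""
    compiled = [ant_to_regex(p) for p in allow_list]
    urls = chart_urls(index_text)
    allowed = [u for u in urls if any(rx.fullmatch(u) for rx in compiled)]
    return allowed, [u for u in urls if u not in allowed]

if __name__ == "__main__":
    for patterns in (["**"], ["https://github.com/**"]):
        print(patterns, "->", audit(SAMPLE_INDEX, patterns))
```

With the default ** every URL in the sample is admitted; with https://github.com/** only the github.com chart is, and the lookalike host is rejected because the pattern includes the slash after the hostname.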