Set up a publicly available Helm Repository in AWS S3

I want to show how you can use an ordinary S3-Bucket of AWS as a qualified Helm Repository. This is a cheap alternative and is completely serverless.

This Helm Repo is not a fully functional Helm Repository like Chartmuseum. This means that some management functions of Helm are not supported with an S3-Bucket. For example, you cannot use helm push to add packages to the Bucket, because S3 does not allow pushing or changing files via the API calls Helm is using. But for a customer who does not provide their own Helm packages, the Repo is fully functional.

There is a plugin for Helm to use an S3-Bucket (https://github.com/hypnoglow/helm-s3). My own experience shows that this plugin works perfectly within AWS, but has problems when you want to open the repo to the world. The user needs to use that plugin.

Set up an S3-Bucket

The setup of the S3-Bucket is straightforward. There is nothing special, and you can configure the Bucket as you prefer. If you want to open the Bucket to the world, it must be publicly available.

Open the bucket to the public by deactivating the public access restrictions:

For the anonymous user, a Bucket Policy must be set. The least privileges for that user are shown below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::<your bucket name>/*"
    }
  ]
}

With this privilege everyone can download the objects in the Bucket, but is not allowed to list them.
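
To keep the policy at this minimum as it gets edited over time, the following added example (not part of the original post) audits a bucket policy document for anonymous grants that go beyond object download. The function name `audit_public_policy` and the bucket name `example-charts` are hypothetical, and both sample policies are constructed.

```python
import json

# Anonymous access a read-only Helm repo needs, per the policy above (IAM actions are case-insensitive).
ALLOWED_ANON_ACTIONS = {"s3:getobject"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"}, including "*" inside a list."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def audit_public_policy(policy_json, bucket):
    """List every anonymous Allow grant that goes beyond downloading objects of `bucket`.
    Condition blocks are not evaluated, so a conditioned grant is still treated as public."""
    findings = []
    object_prefix = f"arn:aws:s3:::{bucket}/"
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants everything except the listed items")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_ANON_ACTIONS:
                findings.append(f"{sid}: anonymous action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if not resource.startswith(object_prefix):
                findings.append(f"{sid}: resource {resource} is not an object ARN of {bucket}")
    return findings

# Constructed samples: the page's policy for a hypothetical bucket, and a widened variant.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-charts/*"}]}"""
WIDENED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicAll", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
   "Resource": ["arn:aws:s3:::example-charts", "arn:aws:s3:::example-charts/*"]}]}"""

if __name__ == "__main__":
    for name, policy in (("page policy", PAGE_POLICY), ("widened policy", WIDENED_POLICY)):
        print(name, audit_public_policy(policy, "example-charts") or "ok")
```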

Create a local Helm Repo

The first step is to build a copy of the Repo locally. This process is very simple.

Package all of your Helm projects locally

First, package all of your Helm projects into your local repository folder, for example with the call:

helm package ../kubernetes-authentication/helm/

It will create the needed tgz file in the folder from which you called helm package. Repeat this step for all Helm projects you have. You will get a list of tgz files in your folder.

Indexing of the Helm repository locally

Second, index all tgz files in your local repository with:

helm repo index --url https://<your bucket name>.s3.<your region>.amazonaws.com/ .

Helm creates a file index.yaml which indexes all tgz files located in your folder. The URL https://<your bucket name>.s3.<your region>.amazonaws.com/ is important, because all links to the Helm packages you want to index are built from that URL, e.g. https://<your-bucket-name>.s3.<your region>.amazonaws.com/kubernetes-authentication-0.8.0.tgz

The content of the index.yaml looks like that:

apiVersion: v1
entries:
  kubernetes-authentication:
  - annotations:
      Web: https://www.kubernetes-authentication.io
    apiVersion: v2
    created: "2021-09-22T14:52:07.647357534+02:00"
    description: Add authentication sidcars automatically to all of your Apis in your Kubernetes Pods which take over the authentication of a request.
    digest: ef3f8f0cfd25550aa43128ab47ae4c904bc63f6f13434e4db24eeaae12f9f8e8
    home: https://www.kubernetes-authentication.io
    icon: https://www.cleark8s.com/img/g1002.png
    keywords:
    - Authentication
    - Webhook Admission
    - YOTRON
    kubeVersion: '>= 1.16.0'
    maintainers:
    - email: joern.kleinbub@yotron.de
      name: Jörn kleinbub
      url: https://www.yotron.de
    name: kubernetes-authentication
    type: application
    urls:
    - https://<your-bucket-name>.s3.<your region>.amazonaws.com/kubernetes-authentication-0.8.0.tgz
    version: 0.8.0
generated: "2021-09-22T14:52:07.646932757+02:00"
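
Because the bucket serves these files to anyone, a stale index.yaml or a wrong --url is only noticed by consumers. The following added example (not part of the original post) is a pre-upload check that every indexed URL sits under the bucket URL and that every `digest` (the SHA-256 of the archive) still matches the local tgz file. The function names, the bucket URL and the demo archive are constructed, and `read_index` only understands the layout shown above.

```python
import hashlib, os, re, tempfile

def read_index(text):
    """Minimal reader for the index.yaml layout shown above (not a general YAML parser)."""
    entries, cur, key = [], None, None
    for line in text.splitlines():
        if line.startswith("  - "):                  # a new chart version starts here
            cur = {"digest": None, "urls": []}
            entries.append(cur)
            line = "    " + line[4:]
        field = re.match(r"^    (\w+):\s*(.*)$", line)
        if cur is not None and field:
            key = field.group(1)
            if key == "digest":
                cur["digest"] = field.group(2).strip("'\"")
        elif cur is not None and key == "urls" and line.startswith("    - "):
            cur["urls"].append(line[6:].strip())
    return entries

def check_repo(index_text, chart_dir, base_url):
    """Compare every indexed URL and digest with the archives that are about to be uploaded."""
    problems, base = [], base_url.rstrip("/") + "/"
    for entry in read_index(index_text):
        for url in entry["urls"]:
            path = os.path.join(chart_dir, os.path.basename(url))
            if not url.startswith(base):
                problems.append(f"{url}: not under {base}")
            elif not os.path.isfile(path):
                problems.append(f"{url}: archive missing locally")
            else:
                with open(path, "rb") as fh:
                    if hashlib.sha256(fh.read()).hexdigest() != entry["digest"]:
                        problems.append(f"{url}: digest mismatch")
    return problems

def demo():
    """Constructed one-chart repo in a temp dir, checked before and after the archive changes."""
    base, data = "https://example-charts.s3.eu-central-1.amazonaws.com/", b"constructed archive"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo-0.1.0.tgz")
        with open(path, "wb") as fh:
            fh.write(data)
        index = ("apiVersion: v1\nentries:\n  demo:\n  - apiVersion: v2\n"
                 f"    digest: {hashlib.sha256(data).hexdigest()}\n    keywords:\n    - Sample\n"
                 f"    urls:\n    - {base}demo-0.1.0.tgz\n    version: 0.1.0\n")
        clean = check_repo(index, d, base)
        with open(path, "ab") as fh:                 # simulate a re-package without re-indexing
            fh.write(b"!")
        return clean, check_repo(index, d, base)
```

Run `check_repo(open("index.yaml").read(), ".", "<your bucket URL>")` in the folder holding the tgz files and upload only when it returns an empty list.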

Deploy the Helm packages

Now you must upload all files to your S3-Bucket. This must be done with the out-of-the-box tools of AWS. I am using the AWS Client with my personal credentials to write files to the S3-Bucket.

In principle only the *.tgz files and the index.yaml are needed:

aws s3 cp . s3://<your-bucket-name>/ --recursive --exclude "*" --include "*.tgz"
aws s3 cp index.yaml s3://<your-bucket-name>/

Your Helm Repository is ready.

Add your Repo

Now everyone can use your Repo by:

helm repo add <your fancy name> https://<your-bucket-name>.s3.<your region>.amazonaws.com

Then try:

helm repo update

Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "<your fancy name>" chart repository
Update Complete. ⎈Happy Helming!⎈

ArtifactHub

I added my Helm Repository to ArtifactHub so everyone can find my Helm packages.

Jörn Kleinbub

YOTRON GmbH was founded by Jörn Kleinbub, a consultant for data management, IT automation, DevOps and cloud management with experience in a wide range of projects for many different customers in different sectors.
