Store and consume Helm charts using GitLab’s private registry

1_4Q22VCl2oXB6Wes92b06FQ.jpeg

In this article I’ll show how to store and consume Helm charts in GitLab’s private registry.

You’ll learn how to create 2 simple helm charts, called store-chart and consume-chart where store-chart will be stored in GitLab and consume-chart will consume the stored chart.

The following directory structure outlines the final result.

                ├── charts
│   ├── store-chart
│   │   ├── templates
│   │   │   └── config.yaml
│   │   ├── values.yaml
│   │   └── Chart.yaml
│   │
│   └── consume-chart
│       ├── values.yaml
│       └── Chart.yaml
│   
├── .gitlab-ci.yaml
└── README.md
            

To see a working example see GitLab.

Create the store-chart

Let’s create the store-chart first and add the following to the config.yaml.

                apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $.Values.name }}-config
data:
  foo: bar
            

Create the Chart.yaml.

                apiVersion: v2
name: store-chart
description: Store a Helm chart in GitLab's private registry.
type: application
version: 1.0.0
            

And finally the default values in the values.yaml.

                name: default-name
            

Store the chart in GitLab

Now create a basic .gitlab-ci.yml.

                default:
  image: 
    name: alpine/helm:3.9.4
    entrypoint: [""] 

stages:
  - publish

publish-chart:
  stage: publish
  variables:
    CHART_PATH: ./charts/store-chart
    CHART_REPO: charts
  script:
    - helm registry login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
    - helm repo add --username ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} ${CHART_REPO} https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/packages/helm/stable
    - helm package $CHART_PATH
    - helm push store-chart-1.0.0.tgz oci://${CI_REGISTRY_IMAGE}/${CHART_REPO}
            

For convenience use the alpine/helm image so the helm cli is given out-of-the-box to you. Explicitly override the entrypoint, to prevent running a subcommand of the helm cli.

  1. First login into the GitLab registry, using solely GitLab’s built-in variables.
  2. Add the stable helm chart repository given by GitLab. The chart repository follows the following URL structure.

                https://gitlab.example.com/api/v4/projects/<project_id>/packages/helm/<channel>
            

3. Create the Helm package and push it to GitLab’s private registry.

You should now be able to run the pipeline.

                Initialized empty Git repository in /builds/datails/store-and-consume-helm-charts/.git/
Created fresh repository.
Checking out cb728eea as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:04
Using docker image sha256:f8bb0f201e7557131bf82e50e7dda0e47382d8fdecd20c9edb3fc9f7abb025e1 for alpine/helm:3.9.4 with digest alpine/helm@sha256:df362a6029d9d931101df528c2ba8e0d9eead16fac2100f436e13141b499d8d0 ...
$ helm registry login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
WARNING: Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
$ helm repo add --username ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} ${CHART_REPO} https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/packages/helm/stable
"charts" has been added to your repositories
$ helm package $CHART_PATH
Successfully packaged chart and saved it to: /builds/datails/store-and-consume-helm-charts/store-chart-1.0.0.tgz
$ helm push store-chart-1.0.0.tgz oci://${CI_REGISTRY_IMAGE}/${CHART_REPO}
Pushed: registry.gitlab.com/datails/store-and-consume-helm-charts/charts/store-chart:1.0.0
Digest: sha256:8fb281ae7a343ef5a7abc4ba268ad1b5fe8374d69f242e304541bc56aa6d1b35
Cleaning up project directory and file based variables
00:01
Job succeeded
            

Now verify if the chart has been created.

All done!

Create the consumer

Now let’s create the consume-chart and add the following:

                apiVersion: v2
name: app1
type: application
version: 1.0.0
description: Using the chart from GitLab's private registry.
dependencies:
  - name: store-chart
    version: 1.0.0
    repository: oci://registry.gitlab.com/datails/store-and-consume-helm-charts/charts
            

To use the store-chart refer to it as a dependency, where the repository URL equals the registry URL found in GitLab, as shown in the last step of storing the chart.

Now override the default values of the chart by adding a values.yaml:

                # prefix with name of dependent chart
store-chart:
  name: override-name
            

Note the store-chart prefix key is necessary here to override the values of a the dependency.

Update your .gitlab-ci.yml to verify if you can consume your chart from the pipeline:

                default:
  image: 
    name: alpine/helm:3.9.4
    entrypoint: [""] 

stages:
  - publish
  - deploy

publish-chart:
  stage: publish
  variables:
    CHART_PATH: ./charts/store-chart
    CHART_REPO: charts
  script:
    - helm registry login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
    - helm repo add --username ${CI_REGISTRY_USER} --password ${CI_REGISTRY_PASSWORD} ${CHART_REPO} https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/packages/helm/stable
    - helm package $CHART_PATH
    - helm push store-chart-1.0.0.tgz oci://${CI_REGISTRY_IMAGE}/${CHART_REPO} 

consume-chart:
  stage: deploy
  script:
    - echo 'Write result to stdout:::'
    - cd charts/consume-chart && helm dependency build && helm template --debug .
            

The consume-chart step should now output the following:

                Initialized empty Git repository in /builds/datails/store-and-consume-helm-charts/.git/
Created fresh repository.
Checking out 35d9ae05 as main...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:02
Using docker image sha256:f8bb0f201e7557131bf82e50e7dda0e47382d8fdecd20c9edb3fc9f7abb025e1 for alpine/helm:3.9.4 with digest alpine/helm@sha256:df362a6029d9d931101df528c2ba8e0d9eead16fac2100f436e13141b499d8d0 ...
$ echo 'Write result to stdout:::'
Write result to stdout:::
$ cd charts/consume-chart && helm dependency build && helm template --debug .
Saving 1 charts
Downloading store-chart from repo oci://registry.gitlab.com/datails/store-and-consume-helm-charts/charts
Pulled: registry.gitlab.com/datails/store-and-consume-helm-charts/charts/store-chart:1.0.0
Digest: sha256:474d72399e64f6fce82ece8390d9fa3ac3150d8aaf0b2ca1143905d5812765a3
Deleting outdated charts
install.go:178: [debug] Original chart version: ""
install.go:195: [debug] CHART PATH: /builds/datails/store-and-consume-helm-charts/charts/consume-chart
---
# Source: app1/charts/store-chart/templates/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: override-name-config
data:
  foo: bar
Cleaning up project directory and file based variables
00:00
Job succeeded
            

All done, you can see the name of the ConfigMap has been successfully overwritten 🚀!


Only registered users can post comments. Please, login or signup.

Start blogging about your favorite technologies and get more readers

Join other developers and claim your FAUN account now!

Avatar

Robert-Jan Kuyper

Freelance Software Engineer, Datails

@datails
Stats
7

Influence

369

Total Hits

1

Posts