3
  1. Is this even possible with helm?
  2. What options for security are possible (BasicAuth? Client Certs? OAuth2?)
  3. Is there any example / documentation about this (both server and client side)?
Denis Biondic
  • 7,943
  • 5
  • 48
  • 79

3 Answers3

8

Helm Private Repository using private GitHub repositories.

Steps:

  1. Create a private GitHub repository named private-helm-registry or any.
  2. Place your Raw Helm Charts.

  3. Create a charts folder and place index.yaml and packaged charts in .tgz format inside this folder.

  4. Create a GitHub Personal Access Token with read-only access.

  5. Add your Repository to helm using the following command:

    $ helm repo add helm-registry 'https://<git_hub_personal_access_token>@raw.githubusercontent.com/myGitHubAccountName/private-helm-registry/master/charts/'
"helm-registry" has been added to your repositories

    Note: 

    1. Enclose the Url with single quotes ' '.
2. The trailing / is mandatory.

  6. To add development or other branches as helm repository, use branch name:

    $ helm repo add helm-registry-dev 'https://<git_hub_personal_access_token>@raw.githubusercontent.com/myGitHubAccountName/private-helm-registry/<branch>/charts/'
"helm-registry-dev" has been added to your repositories

Explore more at: Using a private github repo as helm chart repo.

codenio
  • 721
  • 10
  • 17
4

If you want a private helm repository, there are not many options today, at least to my knowledge.

  • Use internal network where you deploy your repository, so it will be not accessible from the outer world.
  • Use helm plugins or write your own.

So basically there are no built-in helm private repositories, but you can achieve required functionality with helm plugins.

Plugin examples:

  • GitHub - it is for using GitHub Pages as a chart repository. Not a private repo, but it shows an idea of a plugin, it is very small and simple.
  • Keybase - similar to GitHub plugin, but stores charts in Keybase instead. Still not private, but can be modified to use keybase /private directories.
  • App Registry - uses app registry (quay.io) to store charts.
  • AWS S3 - provides a way to use Amazon S3 as a private repo for helm charts. I am the author of this plugin, I wrote it because all options above were not suitable for my purposes.
  • Azure Blob Stoage - This blog post contains a way to use Azure Blob storage as a private repo for helm charts
codenio
  • 721
  • 10
  • 17
hypnoglow
  • 1,483
  • 14
  • 16
1

I assume you mean a Helm Repo rather than securing the docker images.

My understanding is that it's just a basic webserver You could just use GCS or S3 and set up the IAM rules to secure them?

Dan
  • 15
  • 6