chartmuseum is an open source Helm Chart Repository that supports a variety of backend stores including GCS, S3, etc.

API

chartmuseum provides several APIs to implement the capabilities of the Helm Chart Repository.

  • GET /index.yaml - Get the helm chart list when executing helm repo add chartmuseum http://localhost:8080/
  • GET /charts/mychart-0.1.0.tgz - Download the corresponding chart when you run helm install chartmuseum/mychart.
  • GET /charts/mychart-0.1.0.tgz.prov - execute helm install with the --verify flag to get the provenance file for verification
  • POST /api/charts - upload a new chart
  • POST /api/prov - upload a new provenance file (record provenance for integrity verification)
  • DELETE /api/charts/<name>/<version> - Delete a chart version and the associated provenance file
  • GET /api/charts - list all charts
  • GET /api/charts/<name> - List all versions of a chart
  • GET /api/charts/<name>/<version> - Get description information for a specific version of a chart
  • GET / - welcome page
  • GET /health - returns 200 OK

Install chartmuseum

GoFish

1
2
3

gofish install chartmuseum
==> Installing chartmuseum...
🐠  chartmuseum 0.9.0: installed in 95.431145ms

Binary installation

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# on Linux
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum

# on macOS
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/darwin/amd64/chartmuseum

# on Windows
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/windows/amd64/chartmuseum

chmod +x ./chartmuseum
mv ./chartmuseum /usr/local/bin

Create the systemd file.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

cat /etc/systemd/system/chartmuseum.service
[Unit]
Description=chartmuseum
Documentation=Helm Chart Repository
After=network.target

[Service]
EnvironmentFile=/etc/chartmuseum/config
ExecStart=/usr/local/bin/chartmuseum $OPTIONS

[Install]
WantedBy=multi-user.target

Add Configuration.

1
2

# cat /etc/chartmuseum/config
OPTIONS=--debug --port=9091 --storage="local" --storage-local-rootdir="/data/chartstorage"

Start

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

# systemctl daemon-reload
# systemctl restart chartmuseum.service
# systemctl status chartmuseum.service
* chartmuseum.service - chartmuseum
   Loaded: loaded (/etc/systemd/system/chartmuseum.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-09-16 13:59:01 CST; 6s ago
 Main PID: 26524 (chartmuseum)
    Tasks: 7
   Memory: 4.0M
      CPU: 23ms
   CGroup: /system.slice/chartmuseum.service
           `-26524 /usr/local/bin/chartmuseum --debug --port=9091 --storage=local --storage-local-rootdir=/data/chartstorage

Sep 16 13:59:01 node-1 systemd[1]: Stopped chartmuseum.
Sep 16 13:59:01 node-1 systemd[1]: Started chartmuseum.
Sep 16 13:59:01 node-1 chartmuseum[26524]: 2019-09-16T13:59:01.875+0800        DEBUG        Fetching chart list from storage        {"repo": ""}
Sep 16 13:59:01 node-1 chartmuseum[26524]: 2019-09-16T13:59:01.875+0800        DEBUG        No change detected between cache and storage        {"repo": ""}
Sep 16 13:59:01 node-1 chartmuseum[26524]: 2019-09-16T13:59:01.875+0800        INFO        Starting ChartMuseum        {"port": 9091}

Installing with Docker

1
2
3
4
5
6
7

docker run --rm -it \
  -p 8080:8080 \
  -e DEBUG=1 \
  -e STORAGE=local \
  -e STORAGE_LOCAL_ROOTDIR=/charts \
  -v $(pwd)/charts:/charts \
  chartmuseum/chartmuseum:latest

Use

Add local repository

1

helm repo add chartmuseum http://172.16.106.1:9091

Upload

Upload the chart by requesting the chartmuseum api.

1
2

# curl --data-binary "@confluence-6.15.9.tgz" http://172.16.106.1:9091/api/charts
{"saved":true}

Update the local cache and then you can view the existing charts.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "chartmuseum" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
# helm search chartmuseum/
NAME                  	CHART VERSION	APP VERSION	DESCRIPTION
chartmuseum/confluence	6.15.9       	1.16.0     	A Helm chart for Kubernetes
chartmuseum/jira      	8.3.3        	1.16.0     	A Helm chart for Kubernetes

Installation from chartmuseum

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

# helm install chartmuseum/confluence
NAME:   bold-lambkin
LAST DEPLOYED: Mon Sep 16 14:49:34 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                           READY  STATUS   RESTARTS  AGE
bold-lambkin-75d85978d9-spt6r  0/1    Pending  0         1s

==> v1/Service
NAME          TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)         AGE
bold-lambkin  NodePort  10.105.153.159  <none>       8090:30905/TCP  1s

==> v1beta2/Deployment
NAME          READY  UP-TO-DATE  AVAILABLE  AGE
bold-lambkin  0/1    0           0          1s


NOTES:
1. Get the application URL by running these commands:

Multi-tenancy

chartmuseum supports the use of -depth to define the depth of the chart url hierarchy, so this depth can be used to implement multi-tenancy.

You can specify --depth=2 at startup to define a two-tier structure for an organization/repository.

1

chartmuseum --debug --depth=2 --storage="local" --storage-local-rootdir=. /charts

Hierarchy of charts.

1
2
3
4
5
6
7

charts
├── org1
│   ├── repoa
│   │   └── nginx-ingress-0.9.3.tgz
├── org2
│   ├── repob
│   │   └── chartmuseum-0.4.0.tgz

The difference between uploading Chart.

1

curl -F "chart=@mychart-0.1.0.tgz" http://localhost:8080/api/org1/repoa/charts