AWS S3 bucket to host a Helm chart repository
What’s Helm chart
Helm is a package manager for Kubernetes. Helm Charts help you define, install, and upgrade even the most complex Kubernetes application. Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.
Helm uses a packaging format called charts. A chart is a collection of files that describe a set of Kubernetes resources that are relative to each other. A single chart might be used to deploy something simple, like a caches pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on. Charts are created as files that follow a particular tree directory structure. They can be packaged into versioned archives to be deployed in multiple environments.
Here we are not covering the Helm training, if you are new to helm please read this article Helm quick start guide. In this article, we are going o show you, how to configure an AWS S3 bucket to host a Helm chart repository, how to push charts to it, and how to install charts from the s3 chart repository.
Prerequisite
- AWS CLI
- You need to have python 2.7 or +
- pip is already installed if you are using Python 2 >=2.7.9 or Python 3 >=3.4
- sudo apt-get install python-pip [ for ubuntu ] or easy_install pip [for mac]
- pip install awscli
- Helm
- Mac: brew install helm
- Ubuntu:
- curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
- sudo apt-get install apt-transport-https — yes
- echo “deb https://baltocdn.com/helm/stable/debian/ all main” | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
- sudo apt-get update
- sudo apt-get install helm
- For other OS please see: https://helm.sh/docs/intro/install/
Create IAM user with a custom policy
You need to create an IAM user to to upload charts to helm s3 repository. You can create the bucket using the AWS CLI, IaC, or using the AWS Console. Here in this example, I used the AWS Console to create a user called helm-repo-user and attached a custom policy as mentioned below
Custom IAM policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::cloudops-helm-charts"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::cloudops-helm-charts/*"
}
]
}Generate an IAM credential ( Access Key and Secret) and run aws configre — profile=helm-repo to store the keys as aws profile in your computer. Later you need to export the profile using command AWS_PROFILE=helm-repo to consume aws cli for helm operation.
Now you are good to move to next topic to create S#3 bucket and configure it to setup Helm repository
Create S3 Bucket
You need to create an S3 bucket to make it as your helm charts. repository. You can create the bucket using the AWS CLI, IaC, or using the AWS Console. Here in this example, I used the AWS Console to create a bucket called cloudops-helm-charts.
S3 Bucket policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListObjects",
"Effect": "Deny",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:user/helm-repo-user"
]
},
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::cloudops-helm-charts",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
},
{
"Sid": "AllowObjectsFetchAndCreate",
"Effect": "Deny",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:user/helm-repo-user"
]
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::cloudops-helm-charts/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}How to use s3 as helm repository
Since you already installed helm, next step is to install Helm s3 plugin. You can install the plugin from the GitHub repo by running:
$ helm plugin install https://github.com/hypnoglow/helm-s3.git
Downloading and installing helm-s3 v0.9.2 ...
Checksum is valid.
Installed plugin: s3Initialize s3 Helm Repository
You’re finally ready to start playing with charts properly!
The first step is to turn the cloudops-helm-charts bucket into a valid chart repository. This requires adding an index.yaml to the s3 bucket. The Helm S3 plugin provides a helper method, that performs this operation for you, which generates a valid index.yaml and uploads it to your S3 bucket. The following is the way to do that
$ helm s3 init s3://cloudops-helm-charts
Initialized empty repository at s3://cloudops-helm-chartsYou could be able to see an index.yaml file in your bucket now and it have the following contents
apiVersion: v1
entries: {}
generated: "2020-09-13T12:00:30.599424+05:30"You can add the alias name instead of making the call the full URL by running the following command.
$ helm repo add my-charts s3://cloudops-helm-charts/
"my-charts" has been added to your repositoriesYou run helm repo list now, you'll see your repo listed
$ helm repo list
NAME URL
my-charts s3://cloudops-helm-charts/Now we are all set to consume the Helm repository. In the next topic I’ll show how to create charts , push it to repo, and install charts from, your S3 repository.
Create and Uploading a chart to the repository
Let us use the configmap file mentioned below to create an example chart. we need to create a chart by helm command, than remove all existing templates which we dont need and then copy configmap content from the below file to mychart/templates/configmap.yaml location in your computer.
helm create mychart
Creating mychartConfigmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mychart-configmap
data:
value: "Hello This is Cloud Ops Test"
Next step is to package the helm and push to the repository following command does it.
helm package ./mychart
Successfully packaged chart and saved it to: /Users/cloudops/trainign/mychart-0.1.0.tgz
#Push to repo my-chart
helm s3 push ./mychart-0.1.0.tgz my-chartsNow you have uploaded your charts to the repository and you coulod be able to search it by command
helm search repo mychart
NAME CHART VERSION APP VERSION DESCRIPTION
my-charts/mychart 0.1.0 1.16.0 A Helm chart for KubernetesYou can fetch and/or unpack the chart locally using helm fetch my-charts/mychart or you can directly install by following comamnd
helm install my-charts/mychart --version 0.1.0
NAME: mytest-app
LAST DEPLOYED: Sun Sep 13 12:39:16 2020
NAMESPACE: dev
STATUS: DEPLOYEDRESOURCES:
==> v1/ConfigMap
NAME DATA AGE
mychart-configmap 1 0s
Remove a chart
To remove the mychart from the repository, you can perform it by passing name and version of the chart
helm s3 delete mychart --version 0.1.0 my-chartsSummary of Article
In this post I had shown, how to create s3 bucket with policy, a I am user creation, and Helm chart repository in S3 using the Helm S3 plugin. I also shown to create a chart and package it and push to the helm repo and search in the repository and install a specific version of the chart using commands and finally deleting a specific version of the helm chart.
https://cloudops-guru.in/2020/09/13/aws-s3-bucket-to-host-a-helm-chart-repository/