Since the latest Helm v3 release, there is experimental support for distributing charts via OCI-based registries. While the Open Container Initiative Distribution Spec aims to standardize container image distribution, it can be used to publish a wide variety of artifacts. Therefore the Gitlab OCI compliant Container Registry is a perfect fit for distributing your Helm charts alongside your git repository.
This quick-start guide will show you how to distribute Helm charts on Gitlab, fully automated via the integrated CI/CD pipelines.
Creating a Sample Chart and Setup CI
helm create helloworld
This will bootstrap our demo Helm chart and create the following structure:
└── helloworld
├── Chart.yaml
├── charts
├── templates
│ ├── NOTES.txt
│ ├── \_helpers.tpl
│ ├── deployment.yaml
│ ├── hpa.yaml
│ ├── ingress.yaml
│ ├── service.yaml
│ ├── serviceaccount.yaml
│ └── tests
│ └── test-connection.yaml
└── values.yaml
Usually, we could now start modifying our chart as desired, but to demonstrate publishing charts to a container registry this will suffice.
Lets also add a .gitlab-ci.yml to setup our continuous integration pipeline:
image:
name: alpine/helm:3.2.1
entrypoint: ["/bin/sh", "-c"]
variables:
HELM_EXPERIMENTAL_OCI: 1
stages:
- lint-helm-chart
- release-helm-chart
lint-helm:
stage: lint-helm-chart
script:
- helm lint alertmanager-bot
release-helm:
stage: release-helm-chart
script:
- helm registry login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- helm chart save helloworld $CI_REGISTRY/gitlabUser/helloworld:$CI_COMMIT_TAG
- helm chart push $CI_REGISTRY/gitlabUser/helloworld:$CI_COMMIT_TAG
only:
- tags
This will set up two stages for us: lint-helm-chart and release-helm-chart which will both run inside the alpine/helm docker image. Additionally, we will make use of the pre-defined environment variables $CI_REGISTRY_USER and $CI_REGISTRY_PASSWORD to authenticate to our Gitlab Container Registry.
Lets now push all of these files to our gitlab repositories and publish a new tag to trigger a push to our registry:
git commit -am "initial release"
git tag v0.1.0
git push && git push --tags
As soon as the pipeline finishes, the first release should be available in your registry.
release artifact in the container registry
Pulling & Installing the Chart
With our first release published in the registry, we can now start pulling and installing the Chart from anywhere we have network connectivity to gitlab.
Run the following commands to pull and export the chart locally:
export HELM_EXPERIMENTAL_OCI=1
helm chart pull registry.gitlab.com/gitlabUser/helloworld:v0.1.0
helm chart export registry.gitlab.com/gitlabUser/helloworld:v0.1.0 -d /tmp/
helm upgrade --install demo /tmp/helloworld
Voila, you successfully installed the chart previously released on your gitlab container registry. An example implementation can be found here.
While the Helm OCI registry support greatly simplifies the process of distributing charts, the feature is still experimental, and not all use-cases are supported. This includes missing support for directly installing images hosted in a registry via helm upgrade/install or searching registries via the Helm CLI.
As Helm is actively being developed, there is a good chance that new registry features will be released and OCI support becomes stable. So closely watch new releases and happy helming!
