ProGet Documentation

Helm Feeds in ProGet

  • Last Modified: 2021-02-19

Helm is the package manager for Kubernetes applications. A ProGet package for a Helm feed is known as a chart, which can be used to describe even the most complex application and provide a repeatable, versioned approach to Kubernetes deployments.

This feed type is available starting in ProGet 5.2.

Pre-requisite Configuration

In order to install packages from a ProGet feed using helm, the ProGet feed must be added to the local list of repositories by running this command:

helm repo add proget http://{proget-server}/helm/{feed-name}

Using proget is recommended for the repo name, unless there are multiple feeds configured in ProGet, in which case proget-{feed-name} should be used.

Common Tasks

Installing Helm Charts

To install a chart hosted by ProGet, run the following the commands:

helm repo update
helm install proget/{chart-name}

Note: The Helm CLI references --repo as the argument to install from a custom repository. ProGet is not compatible with the --repo argument, you will likely receive the following error message: "Error: Could not find protocol handler for:". ProGet will only work by adding a repo using the helm repo add command.

Creating Helm Charts

A basic Helm chart can be created using the following commands:

helm create {chart-name}
helm package {chart-name}

The create command will create a template/skeleton chart which can be modified as desired. The package command will package the chart into a .tgz file that can be pushed to ProGet.

Refer to the Helm chart creation documentation for more information.

Publishing Charts

The helm executable does not support pushing Helm charts, so ProGet offers three alternative methods to add charts to ProGet Helm feed:

Upload from ProGet Web Application

On the feed overview page, select "Add Package" and "Upload Chart" to upload a packaged Helm chart (i.e., .tgz file generated from the helm package command).

Publish via HTTP

To push a Helm chart via HTTP, issue a PUT or POST request with the package file as the content to: http://{proget-server}/helm/{feed-name}

This can be accomplished with the following examples:

Invoke-WebRequest http://{proget-server}/helm/{feed-name} -Headers @{"AUTHORIZATION"="Basic " + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("{username}:{password}"))} -Method PUT -InFile {chart-name}-{chart-version}.tgz
curl http://{proget-server}/helm/{feed-name} --user <user>:<password> --upload-file <chart-name>-<chart-version>.tgz

Deleting (Unpublishing) Charts

You can delete (permanently remove) Helm charts from your feed by navigating to the package page and clicking the Delete Package button. This actions requires the Feeds_DeletePackage permission attribute.

To programmatically delete a helm chart from your feed, issue a DELETE request to: http://{proget-server}/helm/{feed-name}/package/{ID}/{VERSION}

This can be accomplished with the following examples:

Invoke-WebRequest http://{proget-server}/helm/{feed-name}/package/{ID}/{VERSION} -Headers @{"AUTHORIZATION"="Basic " + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("{username}:{password}"))} -Method DELETE
curl http://{proget-server}/helm/{feed-name}/package/{ID}/{VERSION} --user <user>:<password> -X DELETE
What about the helm-push command?

The helm-push command comes from a third-party plugin that is designed exclusively to push packages to ChartMusuem (which is a private Helm repository). It is not a "standard", and it's only compatible with ChartMusuem's API, and behind the scenes it appears to be quite complicated. With the other methods, you're just uploading the exact file you specify, and are given a standardized HTTP status code as a response.

The reason it doesn't work with ProGet is that the ChartMusuem repository is a very different product than ProGet; for example, it doesn't have the concept of "Feeds", or even custom URL endpoint points. This means that only a root path like https://proget.kramerica.corp/ is supported. Even if we could "hack something together" by reverse-engineering and re-implementing the ChartMusuem's API, it will could unexpectedly break as they release new versions of the plug-in and clients.

Pull From External Repository

If the chart version you would like to install is available in an external Helm repository, use this option.

Technical Limitations

Signed (i.e., provenance) charts are not supported at this time but may become available in a future v5.2 maintenance release.

Container Visibility

Helm charts reference a number of container images. These container images are defined in a values.yaml file that is used to populated the deployments.yaml template file. A chart may also be dependent on a number of other helm charts. These dependencies also have a values.yaml file and deploment.yaml template.

ProGet will parse the values.yaml of the chart and its dependencies values.yaml files to find which container images are used. These container images will then be displayed in the chart's description under the Associated Container Images section. ProGet will also attempt to match these associated container images with a container image within your ProGet container registries. If a match is found, ProGet will automatically link the Helm chart to associated ProGet container image.

*This feature is available in ProGet 5.3 and above.

Parsing Requirements

When configuring container images in your values.yaml, the image property must end in image (e.g., image:, redisImage:, postgresImage:, etc.) and contain the following sub-properties: repository, tag (or dockerTag), and optionally registry. If tag or dockerTag is omitted, the latest tag will be used when defining the associated container image.

Container Vulnerabilities

If you have configured your container registries to leverage a vulnerability source, you may have a Helm chart that links to a vulnerable container image. This may cause your Kubernetes install to fail when attempting to pull the container image from your registry. Container images will be blocked if a vulnerability has been assessed and marked Blocked or if you have enabled the Unassessed vulnerabilities to be blocked in Administration > Advanced Settings.

Is this documentation incorrect or incomplete? Help us by contributing!

This documentation is licensed under CC-BY-SA-4.0 and stored in GitHub.

Generated from commit 99e6640e on master