Helm is the package manager for Kubernetes applications. A ProGet package for a Helm feed is known as a chart, which can be used to describe even the most complex application and provide a repeatable, versioned approach to Kubernetes deployments.
This feed type is available starting in ProGet 5.2.
In order to install packages from a ProGet feed using helm, the ProGet feed must be added to the local list of repositories by running this command:
helm repo add proget http://{proget-server}/helm/{feed-name}
Using proget
is recommended for the repo name, unless there are multiple feeds configured in ProGet, in which case proget-{feed-name}
should be used.
To install a chart hosted by ProGet, run the following the commands:
helm repo update
helm install proget/{chart-name}
Note: The Helm CLI references --repo
as the argument to install from a custom repository. ProGet is not compatible with the --repo
argument, you will likely receive the following error message: "Error: Could not find protocol handler for:
". ProGet will only work by adding a repo using the helm repo add
command.
A basic Helm chart can be created using the following commands:
helm create {chart-name}
helm package {chart-name}
The create
command will create a template/skeleton chart which can be modified as desired. The package
command will package the chart into a .tgz
file that can be pushed to ProGet.
Refer to the Helm chart creation documentation for more information.
The helm
executable does not support pushing Helm charts, so ProGet offers three alternative methods to add charts to ProGet Helm feed:
On the feed overview page, select "Add Package" and "Upload Chart" to upload a packaged Helm chart (i.e., .tgz
file generated from the helm package
command).
To push a Helm chart via HTTP, issue a PUT or POST request with the package file as the content to: http://{proget-server}/helm/{feed-name}
This can be accomplished with the following examples:
Invoke-WebRequest http://{proget-server}/helm/{feed-name} -Headers @{"AUTHORIZATION"="Basic " + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("{username}:{password}"))} -Method PUT -InFile {chart-name}-{chart-version}.tgz
curl http://{proget-server}/helm/{feed-name} --user <user>:<password> --upload-file <chart-name>-<chart-version>.tgz
You can delete (permanently remove) Helm charts from your feed by navigating to the package page and clicking the Delete Package button. This actions requires the Feeds_DeletePackage
permission attribute.
To programmatically delete a helm chart from your feed, issue a DELETE request to: http://{proget-server}/helm/{feed-name}/package/{ID}/{VERSION}
This can be accomplished with the following examples:
Invoke-WebRequest http://{proget-server}/helm/{feed-name}/package/{ID}/{VERSION} -Headers @{"AUTHORIZATION"="Basic " + [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("{username}:{password}"))} -Method DELETE
curl http://{proget-server}/helm/{feed-name}/package/{ID}/{VERSION} --user <user>:<password> -X DELETE
helm-push
command?The helm-push
command comes from a third-party plugin that is designed exclusively to push packages to ChartMusuem (which is a private Helm repository). It is not a "standard", and it's only compatible with ChartMusuem's API, and behind the scenes it appears to be quite complicated. With the other methods, you're just uploading the exact file you specify, and are given a standardized HTTP status code as a response.
The reason it doesn't work with ProGet is that the ChartMusuem repository is a very different product than ProGet; for example, it doesn't have the concept of "Feeds", or even custom URL endpoint points. This means that only a root path like https://proget.kramerica.corp/
is supported. Even if we could "hack something together" by reverse-engineering and re-implementing the ChartMusuem's API, it will could unexpectedly break as they release new versions of the plug-in and clients.
If the chart version you would like to install is available in an external Helm repository, use this option.
Signed (i.e., provenance) charts are not supported at this time but may become available in a future v5.2 maintenance release.
Helm charts reference a number of container images. These container images are defined in a values.yaml
file that is used to populated the deployments.yaml
template file. A chart may also be dependent on a number of other helm charts. These dependencies also have a values.yaml
file and deploment.yaml
template.
ProGet will parse the values.yaml
of the chart and its dependencies values.yaml
files to find which container images are used. These container images will then be displayed in the chart's description under the Associated Container Images
section. ProGet will also attempt to match these associated container images with a container image within your ProGet container registries. If a match is found, ProGet will automatically link the Helm chart to associated ProGet container image.
*This feature is available in ProGet 5.3 and above.
When configuring container images in your values.yaml
, the image property must end in image (e.g., image:, redisImage:, postgresImage:, etc.) and contain the following sub-properties: repository, tag (or dockerTag), and optionally registry. If tag or dockerTag is omitted, the latest
tag will be used when defining the associated container image.
If you have configured your container registries to leverage a vulnerability source, you may have a Helm chart that links to a vulnerable container image. This may cause your Kubernetes install to fail when attempting to pull the container image from your registry. Container images will be blocked if a vulnerability has been assessed and marked Blocked
or if you have enabled the Unassessed
vulnerabilities to be blocked in Administration > Advanced Settings.
Is this documentation incorrect or incomplete? Help us by contributing!
This documentation is licensed under CC-BY-SA-4.0 and stored in GitHub.