Internet Explorer is no longer supported. Many things will still work, but your experience will be degraded and some things won't function. Please use a modern browser such as Edge, Chrome, or Firefox.

No matching results found

Please Enable JavaScript!

ProGet requires the use of JavaScript to function properly. Please enable JavaScript in your browser for this site.

Helm (Kubernetes)

view on GitHub

Helm is the package manager for Kubernetes applications and uses a packaging format called Charts to define, install, and upgrade Kubernetes applications in a repeatable and versioned manner.

Charts can be stored and shared using a Helm feed in ProGet, which acts as a Chart Repository. You also Create connectors to other Chart Repositories (including Artifact Hub) that let you use third-party charts through a Helm feed and create a curated list of approved Helm Charts.

Helm feeds also allow you to see which container images are referenced by your Helm charts and help you discover vulnerabilities in images referenced by Helm charts.

Adding a Helm Feed as a Repository

Before installing a chart from a Helm feed, the feed needs to be registered as a repository. You can use the helm repo add command to do this:

helm repo add proget https://«proget-server»/helm/«feed-name»

We recommend using proget as the repository name or, if you have multiple Helm feeds configured, you should use proget-«feed-name» instead. When your feed is connected to Artifact Hub, you'll need to register additional repositories for charts.

Authenticated Feeds

If your feed is not configured for anonymous access, then you'll need to authenticate to the Helm feed by specifying the --username and --password argument. We recommend creating an API key, using api as the username, and specifying the key as the password.

helm repo add proget https://«proget-server»/helm/«feed-name» --username api --password «your-api-key»

See Creating and Managing API Keys to learn more.

Installing Helm Charts

To install a chart from this repository, you can use the helm install command.

helm install proget/«chart-name»

Note that, because Helm caches repository information locally, you should generally run the helm repo update command first to ensure you'll get the latest version of the chart.

Creating Your Own Helm Charts

There are no special requirements for creating Helm Charts in ProGet, but you will need to follow image naming conventions in your Values file if you'd like ProGet to detect the container images that your chart references.

In general, we recommend creating simple charts from scratch instead of trying to modify or use a third-party chart you might find on Artifact Hub. This involves using the helm create command, modifying files in created directory, and then using the helm package command to create a package file (e.g. my-chart-1.15.3.tgz) that can be published to your feed.

See the official Chart Template Guide to learn how to get started with creating your own Helm Charts.

Publishing Helm Chart Packages

The easiest way to push a Helm Chart to your feed is with pgutil packages upload command:

$ pgutil packages upload --feed=«feed-name» --input-file=«path-to-chart-tgz»

If you're using ProGet 2023 or earlier, you can instead issue a PUT request with the package file as the content to the endpoint URL. For example:

curl https://«proget-server»/helm/«feed-name» --user api:«api-key» --upload-file «path-to-chart-tgz»

This method also works in ProGet 2024 and later, should you prefer to use that. Note that neither the helm push nor the helm-push are compatible with ProGet feeds.

Connecting to Artifact Hub

ProGet 2024.17+ support connecting a Helm feed to ArtifactHub.io, the defacto public source for open-source and publicly distributed Helm charts. Earlier versions of ProGet default to Helm Stable, which is no longer maintained.

Artifact Hub is not a Helm repository itself, but an aggregator of Helm repositories. When a Helm connector is configured to use the Artifact Hub API (i.e. https://artifacthub.io/api/v1/), ProGet will use a special API to search and download packages. Earlier versions of ProGet do not have this capability and will instead give an error message.

Helm charts that come from Artifact Hub will always be "prefixed" with a repository name. For example, the kube-prometheus-stack chart will appear as prometheus-community/kube-prometheus-stack in ProGet.

To install these packages, you'll often need to add an additional repository. The instructions for doing this will be on the Helm chart overview page in ProGet, and will look something like this:

helm repo add prometheus-community https://«proget-server»/helm/«feed-name»/prometheus-community
helm install prometheus-community/kube-prometheus-stack --version 65.2.0

This prefixed repository will persist if you promote the Helm chart to another feed or pull the package into ProGet. However, if you were to download the package file and then upload it again, the prefix will no longer be there.

At this time, it's not possible to create prefixes or namespaces like this. If you're interested in this functionality, let us know. We can always consider it as an enhancement in a future version.

Container Images & Values.yaml

To display the container images that a Chart Uses, ProGet will parse the Value Files (i.e. values.yaml) inside your Chart and link them to matching container images in your ProGet feeds.

💡 What is a Values File?

The Values Files (i.e. values.yaml) is typically used to define the container images that will populate the deployments file (i.e. templates/deployments.yaml template file) used by Kubernetes.

This relationship is also used to display the charts that reference a container image and to prevent docker images from being deleted during retention.

Container Image Naming Conventions

When configuring container images in your values.yaml, the image property must end in image (e.g., image:, redisImage:, postgresImage:, etc.) and contain the following sub-properties: repository, tag (or dockerTag), and optionally registry. If tag or dockerTag is omitted, the appVersion will be used when defining the associated container image.

For example, a single-container chart (i.e. the default created from the helm create command) should have the following entries in the values.yaml file in order for ProGet to detect it:

image:
  repository: proget.corp.local/corp-images/corp/my-app

A multi-container chart might look like this:

myAppImage:
  repository: proget.corp.local/corp-images/corp/my-app

postgresImage:
  repository: proget.corp.local/dockerhub-images/postgres
  tag: 13.16

Container Image Vulnerabilities

If you have configured your container registries to leverage ProGet's vulnerability scanning, then you may have a Helm chart that links to a vulnerable container image. This will be displayed on the "Vulnerabilities" tab of the Helm chart.

This can cause your Kubernetes installation to fail when you try to pull the container image from your registry. Container images will be blocked if a vulnerability has been assessed and marked Blocked or if you have enabled the Unassessed vulnerabilities to be blocked in "Administration Overview" > "Advanced Settings".

In this article

inedo.com | Support | MyInedo

docs © 2024 Inedo, LLC