chart-museum
About 1 min
chart-museum
prepare
- k8s is ready
- argocd is ready and logged in
- ingress is ready
- cert-manager is ready
- the clusterissuer named
self-signed-ca-issueris ready
- the clusterissuer named
- minio is ready
installation
- prepare credentials secret
kubectl get namespaces basic-components > /dev/null 2>&1 || kubectl create namespace basic-components kubectl -n basic-components create secret generic chart-museum-credentials \ --from-literal=username=admin \ --from-literal=password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16) \ --from-literal=aws_access_key_id=$(kubectl -n storage get secret minio-credentials -o jsonpath='{.data.rootUser}' | base64 -d) \ --from-literal=aws_secret_access_key=$(kubectl -n storage get secret minio-credentials -o jsonpath='{.data.rootPassword}' | base64 -d)
- prepare
chart-museum.yaml- pvc backend
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: chart-museum spec: syncPolicy: syncOptions: - CreateNamespace=true project: default source: repoURL: https://chartmuseum.github.io/charts chart: chartmuseum targetRevision: 3.10.3 helm: releaseName: chart-museum values: | replicaCount: 1 image: repository: m.zjvis.net/ghcr.io/helm/chartmuseum env: open: DISABLE_API: false STORAGE: local existingSecret: "chart-museum-credentials" existingSecretMappings: BASIC_AUTH_USER: "username" BASIC_AUTH_PASS: "password" serviceMonitor: enabled: false # namespace: prometheus labels: {} metricsPath: "/metrics" # timeout: 60 # interval: 60 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 80m memory: 64Mi persistence: enabled: false storageClass: "" volumePermissions: image: registry: m.zjvis.net/docker.io ingress: enabled: true annotations: cert-manager.io/cluster-issuer: self-signed-ca-issuer nginx.ingress.kubernetes.io/rewrite-target: /$1 ingressClassName: nginx hosts: - name: chart-museum.dev.geekcity.tech path: /?(.*) tls: true destination: server: https://kubernetes.default.svc namespace: basic-componentsminio backendapiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: chart-museum spec: syncPolicy: syncOptions: - CreateNamespace=true project: default source: repoURL: https://chartmuseum.github.io/charts chart: chartmuseum targetRevision: 3.10.3 helm: releaseName: chart-museum values: | replicaCount: 1 image: repository: m.zjvis.net/ghcr.io/helm/chartmuseum env: open: DISABLE_API: false STORAGE: amazon STORAGE_AMAZON_ENDPOINT: http://minio-api.dev.geekcity.tech:32080 STORAGE_AMAZON_BUCKET: chart-museum STORAGE_AMAZON_PREFIX: charts STORAGE_AMAZON_REGION: us-east-1 existingSecret: "chart-museum-credentials" existingSecretMappings: BASIC_AUTH_USER: "username" BASIC_AUTH_PASS: "password" AWS_ACCESS_KEY_ID: "aws_access_key_id" AWS_SECRET_ACCESS_KEY: "aws_secret_access_key" serviceMonitor: enabled: false # namespace: prometheus labels: {} metricsPath: "/metrics" # timeout: 60 # interval: 60 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 80m memory: 64Mi persistence: enabled: false storageClass: "" volumePermissions: image: registry: m.zjvis.net/docker.io ingress: enabled: true annotations: cert-manager.io/cluster-issuer: self-signed-ca-issuer nginx.ingress.kubernetes.io/rewrite-target: /$1 ingressClassName: nginx hosts: - name: chart-museum.dev.geekcity.tech path: /?(.*) tls: true destination: server: https://kubernetes.default.svc namespace: basic-components
- apply to k8s
kubectl -n argocd apply -f chart-museum.yaml
- sync by argocd
argocd app sync argocd/chart-museum
- prepare minio bucket if you choose to use minio as backend
- pvc backendminio backend
# change K8S_MASTER_IP to your k8s master ip K8S_MASTER_IP=$(kubectl get node -l node-role.kubernetes.io/control-plane -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}') ACCESS_SECRET=$(kubectl -n storage get secret minio-credentials -o jsonpath='{.data.rootPassword}' | base64 -d) podman run --rm \ --entrypoint bash \ --add-host=minio-api.dev.geekcity.tech:${K8S_MASTER_IP} \ -it docker.io/minio/mc:latest \ -c "mc alias set minio http://minio-api.dev.geekcity.tech:32080 admin ${ACCESS_SECRET} \ && mc mb --ignore-existing minio/chart-museum"
- patch to resolve minio endpoint if you choose to use minio as backend
- pvc backendminio backend
kubectl -n basic-components patch deployment chart-museum-chartmuseum \ --type merge \ --patch '{"spec":{"template":{"spec":{"hostAliases":[{"ip":"192.168.49.2","hostnames":["minio-api.dev.geekcity.tech"]}]}}}}'
tests
- create a chart
podman run --rm \ -v $(pwd):/code \ --workdir /code \ -it m.zjvis.net/docker.io/alpine/k8s:1.29.4 \ helm create demo-chart
- publish a chart
podman run --rm \ --add-host chart-museum.dev.geekcity.tech:$(kubectl get node -l node-role.kubernetes.io/control-plane -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}') \ -v $(pwd):/code \ --env HELM_REPO_USERNAME=admin \ --env HELM_REPO_PASSWORD=$(kubectl -n basic-components get secret chart-museum-credentials -o jsonpath='{.data.password}' | base64 -d) \ -it m.zjvis.net/docker.io/alpine/k8s:1.29.4 \ helm cm-push --insecure \ /code/demo-chart https://chart-museum.dev.geekcity.tech:32443 \ --context-path /