571 words
3 minutes
Complete Guide: Setting Up and Publishing Helm Charts to ChartMuseum
Table of contents
1. Setting Up ChartMuseum
Install ChartMuseum in Kubernetes
# Add ChartMuseum's Helm repohelm repo add chartmuseum https://chartmuseum.github.io/charts
# Install ChartMuseum with API enabled for uploadshelm install chartmuseum chartmuseum/chartmuseum \ --set env.open.DISABLE_API=false \ --set service.type=ClusterIP \ --set persistence.enabled=true \ --set persistence.size=10Gi
# For external access, set up an Ingresskubectl create ingress chartmuseum \ --rule="cm.yourdomain.com/*=chartmuseum:8080"
Verify Installation
# Check ChartMuseum is runningkubectl get pods -l app.kubernetes.io/name=chartmuseum
# Test the endpointcurl https://cm.yourdomain.com/health
2. Creating a Helm Chart
# Create a new charthelm create mychart
# Structuremychart/ ├── .helmignore # Files to ignore when packaging ├── Chart.yaml # Chart metadata ├── values.yaml # Default configuration values ├── charts/ # Dependencies └── templates/ # K8s resource templates
Edit Chart.yaml
to set metadata:
apiVersion: v2name: mychartdescription: My application charttype: applicationversion: 0.1.0appVersion: "1.0.0"
3. Packaging the Chart
# Package the charthelm package ./mychart
# Sign the chart (optional)# First, set up GPG keys if neededgpg --full-generate-key
# Export keys to format Helm can usegpg --export > ~/.gnupg/pubring.gpggpg --export-secret-keys > ~/.gnupg/secring.gpg
# Package with signinghelm package ./mychart --sign --key "Your Name <your.email@example.com>"
# Verify packagehelm verify mychart-0.1.0.tgz
4. Pushing to ChartMuseum
Method 1: Using the Helm CM-Push Plugin
# Install the ChartMuseum pluginhelm plugin install https://github.com/chartmuseum/helm-push
# Add your ChartMuseum repohelm repo add myrepo https://cm.yourdomain.com
# Push the charthelm cm-push mychart-0.1.0.tgz myrepo
# Push with force flag to overwritehelm cm-push mychart-0.1.0.tgz myrepo --force
Method 2: Using cURL
# Push chart using cURLcurl --data-binary "@mychart-0.1.0.tgz" https://cm.yourdomain.com/api/charts
# If you've signed the chart, also push the .prov filecurl --data-binary "@mychart-0.1.0.tgz.prov" https://cm.yourdomain.com/api/prov
# If authentication is requiredcurl -u username:password --data-binary "@mychart-0.1.0.tgz" https://cm.yourdomain.com/api/charts
5. Managing Charts in ChartMuseum
# Update your local repo to see new chartshelm repo update
# Search for your charthelm search repo myrepo/mychart
# View chart detailshelm show chart myrepo/mychart
# List all versionshelm search repo myrepo/mychart --versions
# Delete a chart versioncurl -X DELETE https://cm.yourdomain.com/api/charts/mychart/0.1.0
6. Automating with CI/CD
Create a GitHub workflow .github/workflows/release.yml
:
name: Release Charts
on: push: branches: [main] paths: - "charts/**"
jobs: release: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2
- name: Set up Helm uses: azure/setup-helm@v1
- name: Add Helm Push Plugin run: helm plugin install https://github.com/chartmuseum/helm-push
- name: Add ChartMuseum Repo run: helm repo add myrepo https://cm.yourdomain.com
- name: Package and Push Charts run: | for chart in ./charts/*; do if [ -d "$chart" ]; then helm package "$chart" chart_file=$(basename "$chart")-$(grep '^version:' "$chart/Chart.yaml" | awk '{print $2}').tgz helm cm-push "$chart_file" myrepo --force fi done
7. Troubleshooting Common Issues
API Disabled
If you get “not found” or 404 errors when pushing:
# Check if API is enabledcurl https://cm.yourdomain.com/api/charts
# Fix: Update ChartMuseum deploymentkubectl set env deployment/chartmuseum DISABLE_API=false
Authentication Issues
If authentication is required:
# Set credentials in environmentexport HELM_REPO_USERNAME=adminexport HELM_REPO_PASSWORD=password
# Then pushhelm cm-push mychart-0.1.0.tgz myrepo
GPG Key Issues
If chart signing fails:
# Check available keysgpg --list-secret-keys --keyid-format LONG
# Export keys in the format Helm expectsgpg --export > ~/.gnupg/pubring.gpggpg --export-secret-keys > ~/.gnupg/secring.gpgchmod 600 ~/.gnupg/pubring.gpg ~/.gnupg/secring.gpg
Chart Already Exists
If you get an error about chart already existing:
# Use --force flaghelm cm-push mychart-0.1.0.tgz myrepo --force
# Or delete the old version firstcurl -X DELETE https://cm.yourdomain.com/api/charts/mychart/0.1.0
Example Usage
helm package ./charts/invinsense-xdrhelm cm-push invinsense-xdr-1.0.0.tgz invinsense
This comprehensive guide covers all aspects of setting up ChartMuseum and managing Helm charts, from basic installation to advanced CI/CD automation. ChartMuseum provides an excellent solution for hosting private Helm charts with a simple API for programmatic chart management.
Complete Guide: Setting Up and Publishing Helm Charts to ChartMuseum
https://mranv.pages.dev/posts/publishing-helm-charts-chartmuseum/