A great many Helm charts have been sent into the ocean of the internet, and it can be hard to know about them all or their whereabouts. To help solve that, Helm created Helm Hub to provide a central catalog of the growing number of public Helm chart repositories.

Browsing the awesome Helm Hub UI, you can see how easy it is to find lots of great Kubernetes-ready apps. Through your browser, you can search for the publicly available charts you need.

With such a large and growing set of listings, wouldn’t it be great if your build automation tools could use Helm Hub as the single central location to pull Helm charts for your entire organization? But that’s not easy to do; you can’t access Helm Hub through the Helm CLI.

To remedy this, we created the Helm-hub-sync tool for the Helm community. This utility helps you create and maintain a virtual Helm chart repository in JFrog Artifactory that can be that single source of truth.

Helm Chart Best Practice

Artifactory supports Helm-compatible repositories. These can be local repos for charts that are private to your organization, or remote repositories that proxy a public Helm repo.

The Helm-hub-sync tool runs in a K8s cluster and retrieves the list of repos from Helm Hub. It automatically creates remote repositories in Artifactory to proxy each of Helm Hub’s listed repos, and also creates a virtual repository in Artifactory that includes them all.

You can then pull any Helm chart that is listed by Helm Hub from the single URL of the virtual helmhub repository in Artifactory. As a bonus, you’ll also gain the faster retrieval speed of pulling the chart from the proxy in Artifactory.

Installing Helm-hub-sync

The JFrog public Helm chart repository provides the fastest and most reliable way for installing Helm-hub-sync to a Kubernetes cluster.

Before You Start

To install Helm-hub-sync to a Kubernetes cluster, you’ll need to make sure to have these prerequisite conditions:

• Helm v3 installed
• Artifactory or Artifactory HA installed, and user which can add/edit/delete virtual and remote Helm repositories.

Step 1: Add the Helm Chart Repository

Using the helm repo add command of the Helm client, add the JFrog public Helm chart repository.

$ helm repo add jfrog https://charts.jfrog.io$ helm repo update

Step 2: Define Helm Chart Overrides

To configure Helm-hub-sync the best practices is to use an _override-values.yaml_ file:

env:
  artifactory:
    url: "https://artifactory.mydomain.com/artifactory"
    authData: "user:user_api_key"

The example override-values.yaml file above sets Artifactory URL to be connected to and credentials of the user. Note: Replace mydomain.com with your domain, also replace user and userapikey with actual values.

Step 3: Install Helm-hub-sync

Now you are ready to install Helm-hub-sync through the Helm chart:

$ helm upgrade --install helm-hub-sync --namespace helm-hub-sync jfrog/helm-hub-sync -f override-values.yaml 
Release "helm-hub-sync" does not exist. Installing it now.
NAME:   helm-hub-sync
NAMESPACE: helm-hub-sync
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME           DATA  AGE
helm-hub-sync  8     2s
==> v1/Deployment
NAME           READY  UP-TO-DATE  AVAILABLE  AGE
helm-hub-sync  0/1    1           0          2s
==> v1/Pod(related)
NAME                            READY  STATUS             RESTARTS  AGE
helm-hub-sync-6d8bfbffcb-b8ttb  0/1    ContainerCreating  0         2s
==> v1/Secret
NAME           TYPE    DATA  AGE
helm-hub-sync  Opaque  1     3s
==> v1/ServiceAccount
NAME           SECRETS  AGE
helm-hub-sync  1        2s
NOTES:
You can check the Helm-hub-sync application by running:
kubectl get pods --namespace helm-hub-sync

Step 4: Set central Helm repository

With Helm-hub-sync installed into your Kubernetes cluster, you can set your Helm client to use helmhub repository as your single central location to consume charts from.

$ helm repo add helmhub https://artifactory.mydomain.com/artifactory/helmhub/ --username user --password user_api_key
$ helm repo update

Note: Replace mydomain.com with your domain, also replace admin and adminpassword_ with actual values.

Verifying Your Helm Repo

Once Helm-hub-sync is installed, you can verify that the virtual helmhub repository and its remote repositories were created in Artifactory:

1. Open Artifactory in your browser and display the list of virtual repositories. For example: https://artifactory.mydomain.com/artifactory/webapp/#/admin/repositories/virtual

2. You should see helmhub listed among your virtual repositories, with a large number of included repositories. To see that list, click on helmhub, then scroll down to Included repositories.

You should see a long list of Helm repositories that have been added as remote repositories.

Using the Virtual Helm Repository

The helmhub virtual repository can be accessed through its URL just like any other Artifactory repository. You can access any of the charts held in any of the remote repositories as if they were all held in a single helmhub repository.

For example, you can use the Helm CLI to find charts, as in this search for artifactory in helmhub:

$ helm search repo helmhub/artifactory
NAME                    CHART VERSION   APP VERSION DESCRIPTION
helmhub/artifactory     7.16.11         6.11.6      Universal Repository Manager supporting all major packagi...
helmhub/artifactory-ha  0.15.14         6.11.6      Universal Repository Manager supporting all major packagi...

Take note that the remote repository where the chart is actually held is not identified. That’s the way Artifactory’s virtual repositories work -- they masquerade as a single repo for your convenience.

But if there are two or more charts with the same name, each in different remote repositories, then helm search will only show the chart of that name whose version number is the highest. To see all charts of the same name from all remote repositories, specify -l flag. This will force the Helm CLI to show the long listing, with each version of the chart:

helm search repo helmhub/chart-name -l

It’s also worth noting that the stable charts repository is excluded from the helmhub virtual repository. We’ve chosen to do that because Helm Hub is expected to replace stable as the common public repository, and Helm v3 no longer adds the stable repo by default. The charts that stable contains are increasingly likely to be duplicated in other repos.

If you want to access stable repo charts through an Artifactory helm remote repository, you must add it manually. If you choose, you can also add that remote repo to the helmhub virtual repository.

Charting the Next Course

Once you’ve installed Helm-hub-sync and started it running, Artifactory is ready to serve Helm charts from any of the public repositories that are listed on Helm Hub. Through a virtual repository Artifactory instantly becomes your system’s single source of truth.

Of course Helm Hub is a living catalog and new repositories are added all the time. That’s why Helm-hub-sync will continue to monitor Helm Hub and update the helmhub repository in Artifactory as new Helm chart repos appear.

You can also use local Helm repositories in Artifactory to store the Helm charts for your organization’s private K8s apps. This helps you create a comprehensive Kubernetes registry where all the components of your application are fully traceable through a central artifact manager.

If you choose, you can even combine those local Helm repositories and the helmhub virtual repository into another virtual repository. This provides you with a single URL for access to both private and public Helm chart repos.

As the seas of Helm and Kubernetes grow deeper, they’re getting harder to navigate. With the Helm-hub-sync tool, Artifactory becomes an even sturdier vessel, helping you to sail smoothly to port.