Secure access to a private helm repository

7/19/2017
  1. Is this even possible with helm?
  2. What options for security are possible (BasicAuth? Client Certs? OAuth2?)
  3. Is there any example / documentation about this (both server and client side)?
-- Denis Biondic
kubernetes
kubernetes-helm
kubernetes-security

3 Answers

11/24/2017

Helm Private Repository using private GitHub repositories.

Steps:

  1. Create a private GitHub repository named private-helm-registry or any.
  2. Place your Raw Helm Charts.
  3. Create a charts folder and place index.yaml and packaged charts in .tgz format inside this folder.

  4. Create a GitHub Personal Access Token with read-only access.

  5. Add your Repository to helm using the following command:

    $ helm repo add helm-registry 'https://<git_hub_personal_access_token>@raw.githubusercontent.com/myGitHubAccountName/private-helm-registry/master/charts/'
    "helm-registry" has been added to your repositories

    Note:

    1. Enclose the URL with single quotes ' '.
    2. The trailing / is mandatory.
  6. To add development or other branches as helm repository, use branch name:

    $ helm repo add helm-registry-dev 'https://<git_hub_personal_access_token>@raw.githubusercontent.com/myGitHubAccountName/private-helm-registry/<branch>/charts/'
    "helm-registry-dev" has been added to your repositories

Explore more at: Using a private github repo as helm chart repo.

-- codenio
Source: StackOverflow
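
`helm repo add` saves the URL as typed, so a token placed before the `@` ends up in plaintext in Helm's `repositories.yaml`. The script below is an added example, not part of the answer above: it lists repo entries whose URL embeds credentials and redacts the secret. The sample file contents, `CONSTRUCTED_TOKEN`, `charts.example.com` and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the answer: flag Helm repo entries whose URL embeds credentials.

# Constructed sample in the layout Helm writes to repositories.yaml (values are made up).
sample_repo_file() {
  cat <<'EOF'
apiVersion: ""
repositories:
- caFile: ""
  name: helm-registry
  url: https://CONSTRUCTED_TOKEN@raw.githubusercontent.com/myGitHubAccountName/private-helm-registry/master/charts/
  username: ""
- caFile: ""
  name: public-charts
  url: https://charts.example.com/stable@latest/
  username: ""
EOF
}

# scan_repo_file [FILE]: read FILE (default stdin), print "name<TAB>redacted-url"
# for each entry with userinfo before the host; exit status 1 if any were found.
scan_repo_file() {
  awk '
    function val(line,   v) {            # value part of a "key: value" line, unquoted
      v = line
      sub("^[ \t-]*[A-Za-z_]+:[ \t]*", "", v)
      gsub("^[\"\047]|[\"\047][ \t]*$", "", v)
      return v
    }
    function flush(   red) {             # report the finished entry if its URL has userinfo
      if (url ~ "^[a-z][a-z0-9+.-]*://[^/@]+@") {
        red = url
        sub("://[^/@]+@", "://<redacted>@", red)
        printf "%s\t%s\n", name, red
        found = 1
      }
      name = ""; url = ""
    }
    /^[ \t]*-[ \t]/ { flush() }          # "- " opens the next repository entry
    /^[ \t-]*name:/ { name = val($0) }
    /^[ \t-]*url:/  { url = val($0) }
    END { flush(); exit (found ? 1 : 0) }
  ' "${1:--}"
}

sample_repo_file | scan_repo_file || true   # demo run; prints the helm-registry entry only
```

To check a real installation, pass the file that `helm env` reports as `HELM_REPOSITORY_CONFIG` (Helm 3) as the argument.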

10/6/2017

If you want a private helm repository, there are not many options today, at least to my knowledge.

  • Use an internal network where you deploy your repository, so it will not be accessible from the outer world.
  • Use helm plugins or write your own.

So basically there are no built-in helm private repositories, but you can achieve the required functionality with helm plugins.

Plugin examples:

  • GitHub - it is for using GitHub Pages as a chart repository. Not a private repo, but it shows an idea of a plugin, it is very small and simple.
  • Keybase - similar to GitHub plugin, but stores charts in Keybase instead. Still not private, but can be modified to use keybase /private directories.
  • App Registry - uses app registry (quay.io) to store charts.
  • AWS S3 - provides a way to use Amazon S3 as a private repo for helm charts. I am the author of this plugin, I wrote it because all options above were not suitable for my purposes.
  • Azure Blob Storage - This blog post contains a way to use Azure Blob storage as a private repo for helm charts.
-- hypnoglow
Source: StackOverflow

7/19/2017

I assume you mean a Helm Repo rather than securing the docker images.

My understanding is that it's just a basic webserver. You could just use GCS or S3 and set up the IAM rules to secure them?

-- Dan
Source: StackOverflow