- Configuring custom Helm chart repositories
- Installing a Helm chart on an OKD cluster
- Installing Helm charts using the Developer perspective
- Using Helm in the web terminal
- Creating a custom Helm chart on OKD
- Adding custom Helm chart repositories
- Creating credentials and CA certificates to add Helm chart repositories
- Filtering Helm Charts by their certification level
- Disabling Helm Chart repositories
Configuring custom Helm chart repositories
You can install Helm charts on an OKD cluster using the following methods:
The CLI.
The Developer perspective of the web console.
The Developer Catalog, in the Developer perspective of the web console, displays the Helm charts available in the cluster. By default, it lists the Helm charts from the Red Hat OpenShift Helm chart repository. For a list of the charts, see the Red Hat Helm index
file.
As a cluster administrator, you can add multiple Helm chart repositories, apart from the default one, and display the Helm charts from these repositories in the Developer Catalog.
Installing a Helm chart on an OKD cluster
Prerequisites
You have a running OKD cluster and you have logged into it.
You have installed Helm.
Procedure
Create a new project:
$ oc new-project mysql
Add a repository of Helm charts to your local Helm client:
$ helm repo add stable https://kubernetes-charts.storage.googleapis.com/
Example output
"stable" has been added to your repositories
Update the repository:
$ helm repo update
Install an example MySQL chart:
$ helm install example-mysql stable/mysql
Verify that the chart has installed successfully:
$ helm list
Example output
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
example-mysql mysql 1 2019-12-05 15:06:51.379134163 -0500 EST deployed mysql-1.5.0 5.7.27
Installing Helm charts using the Developer perspective
You can use either the Developer perspective in the web console or the CLI to select and install a chart from the Helm charts listed in the Developer Catalog. You can create Helm releases by installing Helm charts and see them in the Developer perspective of the web console.
Prerequisites
- You have logged in to the web console and have switched to the Developer perspective.
Procedure
To create Helm releases from the Helm charts provided in the Developer Catalog:
In the Developer perspective, navigate to the +Add view and select a project. Then click Helm Chart option to see all the Helm Charts in the Developer Catalog.
Select a chart and read the description, README, and other details about the chart.
Click Install Helm Chart.
Figure 1. Helm charts in developer catalog
In the Install Helm Chart page:
Enter a unique name for the release in the Release Name field.
Select the required chart version from the Chart Version drop-down list.
Configure your Helm chart by using the Form View or the YAML View.
Where available, you can switch between the YAML View and Form View. The data is persisted when switching between the views.
Click Install to create a Helm release. You will be redirected to the Topology view where the release is displayed. If the Helm chart has release notes, the chart is pre-selected and the right panel displays the release notes for that release.
You can upgrade, rollback, or uninstall a Helm release by using the Actions button on the side panel or by right-clicking a Helm release.
Using Helm in the web terminal
You can use Helm by initializing the web terminal in the Developer perspective of the web console. For more information, see Using the web terminal.
Creating a custom Helm chart on OKD
Procedure
Create a new project:
$ oc new-project nodejs-ex-k
Download an example Node.js chart that contains OKD objects:
$ git clone https://github.com/redhat-developer/redhat-helm-charts
Go to the directory with the sample chart:
$ cd redhat-helm-charts/alpha/nodejs-ex-k/
Edit the
Chart.yaml
file and add a description of your chart:apiVersion: v2 (1)
name: nodejs-ex-k (2)
description: A Helm chart for OpenShift (3)
icon: https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.svg (4)
1 The chart API version. It should be v2
for Helm charts that require at least Helm 3.2 The name of your chart. 3 The description of your chart. 4 The URL to an image to be used as an icon. Verify that the chart is formatted properly:
$ helm lint
Example output
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
Navigate to the previous directory level:
$ cd ..
Install the chart:
$ helm install nodejs-chart nodejs-ex-k
Verify that the chart has installed successfully:
$ helm list
Example output
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nodejs-chart nodejs-ex-k 1 2019-12-05 15:06:51.379134163 -0500 EST deployed nodejs-0.1.0 1.16.0
Adding custom Helm chart repositories
As a cluster administrator, you can add custom Helm chart repositories to your cluster and enable access to the Helm charts from these repositories in the Developer Catalog.
Procedure
To add a new Helm Chart Repository, you must add the Helm Chart Repository custom resource (CR) to your cluster.
Sample Helm Chart Repository CR
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
name: <name>
spec:
# optional name that might be used by console
# name: <chart-display-name>
connectionConfig:
url: <helm-chart-repository-url>
For example, to add an Azure sample chart repository, run:
$ cat <<EOF | oc apply -f -
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
name: azure-sample-repo
spec:
name: azure-sample-repo
connectionConfig:
url: https://raw.githubusercontent.com/Azure-Samples/helm-charts/master/docs
EOF
Navigate to the Developer Catalog in the web console to verify that the Helm charts from the chart repository are displayed.
For example, use the Chart repositories filter to search for a Helm chart from the repository.
Figure 2. Chart repositories filter
If a cluster administrator removes all of the chart repositories, then you cannot view the Helm option in the +Add view, Developer Catalog, and left navigation panel.
Creating credentials and CA certificates to add Helm chart repositories
Some Helm chart repositories need credentials and custom certificate authority (CA) certificates to connect to it. You can use the web console as well as the CLI to add credentials and certificates.
Procedure
To configure the credentials and certificates, and then add a Helm chart repository using the CLI:
In the
openshift-config
namespace, create aConfigMap
object with a custom CA certificate in PEM encoded format, and store it under theca-bundle.crt
key within the config map:$ oc create configmap helm-ca-cert \
--from-file=ca-bundle.crt=/path/to/certs/ca.crt \
-n openshift-config
In the
openshift-config
namespace, create aSecret
object to add the client TLS configurations:$ oc create secret tls helm-tls-configs \
--cert=/path/to/certs/client.crt \
--key=/path/to/certs/client.key \
-n openshift-config
Note that the client certificate and key must be in PEM encoded format and stored under the keys
tls.crt
andtls.key
, respectively.Add the Helm repository as follows:
$ cat <<EOF | oc apply -f -
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
name: <helm-repository>
spec:
name: <helm-repository>
connectionConfig:
url: <URL for the Helm repository>
tlsConfig:
name: helm-tls-configs
ca:
name: helm-ca-cert
EOF
The
ConfigMap
andSecret
are consumed in the HelmChartRepository CR using thetlsConfig
andca
fields. These certificates are used to connect to the Helm repository URL.By default, all authenticated users have access to all configured charts. However, for chart repositories where certificates are needed, you must provide users with read access to the
helm-ca-cert
config map andhelm-tls-configs
secret in theopenshift-config
namespace, as follows:$ cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: openshift-config
name: helm-chartrepos-tls-conf-viewer
rules:
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["helm-ca-cert"]
verbs: ["get"]
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["helm-tls-configs"]
verbs: ["get"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: openshift-config
name: helm-chartrepos-tls-conf-viewer
subjects:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: 'system:authenticated'
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: helm-chartrepos-tls-conf-viewer
EOF
Filtering Helm Charts by their certification level
You can filter Helm charts based on their certification level in the Developer Catalog.
Procedure
In the Developer perspective, navigate to the +Add view and select a project.
From the Developer Catalog tile, select the Helm Chart option to see all the Helm charts in the Developer Catalog.
Use the filters to the left of the list of Helm charts to filter the required charts:
Use the Chart Repositories filter to filter charts provided by Red Hat Certification Charts or OpenShift Helm Charts.
Use the Source filter to filter charts sourced from Partners, Community, or Red Hat. Certified charts are indicated with the () icon.
The Source filter will not be visible when there is only one provider type. |
You can now select the required chart and install it.
Disabling Helm Chart repositories
You can disable Helm Charts from a particular Helm Chart Repository in the catalog by setting the disabled
property in the HelmChartRepository
custom resource to true
.
Procedure
To disable a Helm Chart repository by using CLI, add the
disabled: true
flag to the custom resource. For example, to remove an Azure sample chart repository, run:$ cat <<EOF | oc apply -f -
apiVersion: helm.openshift.io/v1beta1
kind: HelmChartRepository
metadata:
name: azure-sample-repo
spec:
connectionConfig:
url:https://raw.githubusercontent.com/Azure-Samples/helm-charts/master/docs
disabled: true
EOF
To disable a recently added Helm Chart repository by using Web Console:
Go to Custom Resource Definitions and search for the
HelmChartRepository
custom resource.Go to Instances, find the repository you want to disable, and click its name.
Go to the YAML tab, add the
disabled: true
flag in thespec
section, and clickSave
.Example
spec:
connectionConfig:
url: <url-of-the-repositoru-to-be-disabled>
disabled: true
The repository is now disabled and will not appear in the catalog.