chartmuseum 是一个开源的 Helm Chart Repository，支持多种后端存储，包括 GCS，S3 等。

API

chartmuseum 提供若干 API 以实现 Helm Chart Repository 的能力。

Helm 相关 API

• GET /index.yaml - 执行 helm repo add chartmuseum http://localhost:8080/ 时获取 helm chart 列表
• GET /charts/mychart-0.1.0.tgz - 执行 helm install chartmuseum/mychart 时下载对应的 chart
• GET /charts/mychart-0.1.0.tgz.prov - 执行 helm install with the --verify flag 获得 provenance 文件进行验证

Chart 相关 API

• POST /api/charts - 上传一个新的 chart
• POST /api/prov - 上传一个新的 provenance 文件（记录出处，用于完整性验证）
• DELETE /api/charts/<name>/<version> - 删除一个 chart 版本和相关的 provenance 文件
• GET /api/charts - 列出所有的 chart
• GET /api/charts/<name> - 列出 chart 的所有版本
• GET /api/charts/<name>/<version> - 获得特定版本的 chart 的描述信息
• GET / - 欢迎页
• GET /health - 返回 200 OK

安装 chartmuseum

GoFish

gofish install chartmuseum
==> Installing chartmuseum...
🐠  chartmuseum 0.9.0: installed in 95.431145ms

二进制安装

# on Linux
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum

# on macOS
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/darwin/amd64/chartmuseum

# on Windows
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/windows/amd64/chartmuseum

chmod +x ./chartmuseum
mv ./chartmuseum /usr/local/bin

创建 systemd 文件：

cat /etc/systemd/system/chartmuseum.service
[Unit]
Description=chartmuseum
Documentation=Helm Chart Repository
After=network.target

[Service]
EnvironmentFile=/etc/chartmuseum/config
ExecStart=/usr/local/bin/chartmuseum $OPTIONS

[Install]
WantedBy=multi-user.target

添加配置

# cat /etc/chartmuseum/config
OPTIONS=--debug --port=9091 --storage="local" --storage-local-rootdir="/data/chartstorage"

启动

# systemctl daemon-reload
# systemctl restart chartmuseum.service
# systemctl status chartmuseum.service
* chartmuseum.service - chartmuseum
   Loaded: loaded (/etc/systemd/system/chartmuseum.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-09-16 13:59:01 CST; 6s ago
 Main PID: 26524 (chartmuseum)
    Tasks: 7
   Memory: 4.0M
      CPU: 23ms
   CGroup: /system.slice/chartmuseum.service
           `-26524 /usr/local/bin/chartmuseum --debug --port=9091 --storage=local --storage-local-rootdir=/data/chartstorage

Sep 16 13:59:01 node-1 systemd[1]: Stopped chartmuseum.
Sep 16 13:59:01 node-1 systemd[1]: Started chartmuseum.
Sep 16 13:59:01 node-1 chartmuseum[26524]: 2019-09-16T13:59:01.875+0800        DEBUG        Fetching chart list from storage        {"repo": ""}
Sep 16 13:59:01 node-1 chartmuseum[26524]: 2019-09-16T13:59:01.875+0800        DEBUG        No change detected between cache and storage        {"repo": ""}
Sep 16 13:59:01 node-1 chartmuseum[26524]: 2019-09-16T13:59:01.875+0800        INFO        Starting ChartMuseum        {"port": 9091}

使用 Docker 安装

docker run --rm -it \
  -p 8080:8080 \
  -e DEBUG=1 \
  -e STORAGE=local \
  -e STORAGE_LOCAL_ROOTDIR=/charts \
  -v $(pwd)/charts:/charts \
  chartmuseum/chartmuseum:latest

使用

添加本地仓库

helm repo add chartmuseum http://172.16.106.1:9091

上传

通过请求 chartmuseum 的 api 上传 chart：

# curl --data-binary "@confluence-6.15.9.tgz" http://172.16.106.1:9091/api/charts
{"saved":true}

更新本地缓存然后可以查看已有的 charts：

# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "chartmuseum" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
# helm search chartmuseum/
NAME                  	CHART VERSION	APP VERSION	DESCRIPTION
chartmuseum/confluence	6.15.9       	1.16.0     	A Helm chart for Kubernetes
chartmuseum/jira      	8.3.3        	1.16.0     	A Helm chart for Kubernetes

从 chartmuseum 安装

# helm install chartmuseum/confluence
NAME:   bold-lambkin
LAST DEPLOYED: Mon Sep 16 14:49:34 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                           READY  STATUS   RESTARTS  AGE
bold-lambkin-75d85978d9-spt6r  0/1    Pending  0         1s

==> v1/Service
NAME          TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)         AGE
bold-lambkin  NodePort  10.105.153.159  <none>       8090:30905/TCP  1s

==> v1beta2/Deployment
NAME          READY  UP-TO-DATE  AVAILABLE  AGE
bold-lambkin  0/1    0           0          1s


NOTES:
1. Get the application URL by running these commands:

多租户

chartmuseum 支持使用 --depth 定义 chart url 的层级深度，因此可以利用这个深度来实现多租户。

在启动时可以指定 --depth=2，来定义一个 组织/仓库 的二层结构：

chartmuseum --debug --depth=2 --storage="local" --storage-local-rootdir=./charts

chart 的层级结构：

charts
├── org1
│   ├── repoa
│   │   └── nginx-ingress-0.9.3.tgz
├── org2
│   ├── repob
│   │   └── chartmuseum-0.4.0.tgz

上传 Chart 的区别：

curl -F "chart=@mychart-0.1.0.tgz" http://localhost:8080/api/org1/repoa/charts

参考

• https://github.com/helm/chartmuseum/blob/master/README.md
• https://chartmuseum.com/docs/#uploading-a-chart-package
• https://hub.docker.com/r/chartmuseum/chartmuseum/