Best Practices for Managing Helm Repositories
Oleksandr Erm • 3/10/2024 • 8 min read
Best Practices for Managing Helm Repositories
Managing Helm repositories effectively is crucial for maintaining a scalable and reliable Kubernetes infrastructure. This comprehensive guide covers best practices for organizing, maintaining, and scaling your Helm chart repositories.
Repository Organization
1. Directory Structure
helm-charts/
├── charts/
│ ├── app-1/
│ │ ├── Chart.yaml
│ │ ├── values.yaml
│ │ ├── templates/
│ │ └── README.md
│ └── app-2/
├── .github/
├── scripts/
└── README.md
2. Chart Naming Conventions
# Chart.yaml
apiVersion: v2
name: my-application
version: 1.2.3
description: A well-documented application chart
maintainers:
- name: DevOps Team
email: devops@example.com
Version Management
1. Semantic Versioning
# Example version strategy
dependencies:
- name: mongodb
version: "~12.1.0" # Compatible with 12.1.x
repository: https://charts.bitnami.com/bitnami
- name: redis
version: ">=6.0.0 <7.0.0" # Compatible with 6.x.x
repository: https://charts.bitnami.com/bitnami
2. Chart Metadata
# Chart.yaml best practices
apiVersion: v2
name: application
version: 1.0.0
appVersion: "2.3.4"
kubeVersion: ">=1.19.0"
description: |
Detailed description of the application
and its main features
type: application
keywords:
- app
- web
- api
home: https://github.com/org/helm-charts
sources:
- https://github.com/org/application
maintainers:
- name: maintainer
email: maintainer@org.com
url: https://github.com/maintainer
Documentation Standards
1. README Template
# Chart Name
## Introduction
Brief description of the chart's purpose
## Prerequisites
- Kubernetes version requirements
- Dependencies
- Resource requirements
## Installation
```bash
helm repo add myrepo https://charts.example.com
helm install my-release myrepo/chart-name
Configuration
Parameter | Description | Default |
---|---|---|
image.repository | Image repository | nginx |
image.tag | Image tag | latest |
Usage Examples
Common use cases and configurations
### 2. Values Documentation
```yaml
# values.yaml
image:
# -- Image repository
repository: nginx
# -- Image tag
# @default -- Chart.appVersion
tag: ""
# -- Image pull policy
pullPolicy: IfNotPresent
resources:
# -- CPU/Memory resource requests
requests:
memory: "64Mi"
cpu: "250m"
# -- CPU/Memory resource limits
limits:
memory: "128Mi"
cpu: "500m"
Quality Assurance
1. Chart Testing
# ct.yaml
chart-dirs:
- charts
chart-repos:
- bitnami=https://charts.bitnami.com/bitnami
helm-extra-args: --timeout 600s
2. Validation Scripts
#!/bin/bash
# validate-charts.sh
for chart in charts/*/; do
if [ -f "$chart/Chart.yaml" ]; then
echo "Validating $chart..."
# Lint the chart
helm lint "$chart"
# Test template rendering
helm template test "$chart"
# Run custom validation
./scripts/custom-validation.sh "$chart"
fi
done
Repository Maintenance
1. Index Management
# update-index.sh
#!/bin/bash
# Generate chart packages
for chart in charts/*/; do
helm package "$chart" -d .deploy
done
# Update index
helm repo index .deploy --url https://charts.example.com
2. Cleanup Policies
# cleanup-policy.yaml
retention:
charts:
maxVersions: 10
minVersions: 3
keepPatterns:
- "v1.*.*" # Keep all v1 versions
packages:
maxAge: 180d # Delete packages older than 180 days
Security Best Practices
1. Chart Signing
# sign-charts.sh
#!/bin/bash
# Sign all charts
for chart in .deploy/*.tgz; do
helm sign "$chart" --key maintainer@org.com
done
2. Access Control
# repository-auth.yaml
auth:
basic:
enabled: true
realm: "Helm Repository"
token:
enabled: true
issuer: "helm-repo"
expiration: 24h
Performance Optimization
1. Caching Configuration
# nginx-cache.conf
proxy_cache_path /cache levels=1:2 keys_zone=helm_cache:10m
max_size=10g inactive=60m use_temp_path=off;
server {
location / {
proxy_cache helm_cache;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
proxy_cache_valid 200 60m;
}
}
2. Repository Mirroring
# mirror-config.yaml
mirrors:
- name: primary
url: https://charts.example.com
- name: backup
url: https://backup.charts.example.com
sync:
interval: 1h
timeout: 5m
Monitoring and Metrics
1. Repository Metrics
# prometheus-metrics.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: helm-repo-metrics
spec:
endpoints:
- port: http
path: /metrics
selector:
matchLabels:
app: helm-repository
Best Practices Checklist
-
Repository Structure
- Consistent directory layout
- Clear naming conventions
- Comprehensive documentation
-
Version Control
- Semantic versioning
- Dependency management
- Change tracking
-
Quality Assurance
- Automated testing
- Validation checks
- Security scanning
-
Maintenance
- Regular updates
- Cleanup procedures
- Backup strategies
Conclusion
Implementing these best practices ensures a well-maintained, secure, and efficient Helm chart repository. Regular review and updates of these practices help maintain the repository’s quality and reliability over time.