Helm Integration

Manage Helm releases and repositories with Codefresh

Codefresh is one of the few devops platforms that has native support for Helm releases and deployments. This includes

Note that the built-in Helm repository is production ready. You can start using Helm right away with your Codefresh account even if you don’t have an external Helm repository. See our quick start guide for Helm or the full Helm example.

General Helm configuration

To configure your external Helm repositories go to your Account Configuration, by clicking on Account Settings on the left sidebar. On the first section called Integrations click the Configure button next to Helm.

Codefresh Account Integration

Codefresh Account Integration

Add a new Helm repository configuration from the drop down.

Add Helm Repository

Add Helm Repository

Each configuration must be given a unique name, which you can later reference in a codefresh.yml file.

Define user access

Define user access

For each Helm integration you can toggle the level of access by non-admin users. If it is off, users will not be able to use the CLI or API to access this Helm repository programmatically. If it is on, all users from all your Codefresh teams will be able to access this Helm repository with CLI commands or API calls.

Private Helm repository - HTTP

You can connect to your repository using HTTP Basic authentication:

  • Add your repo URL as usually with HTTP protocol.
  • Supply the User and Password for HTTP Basic authentication.

Variables:

Name Description
REPOSITORY NAME Give a unique name to this integration
REPOSITORY URL Location of the Helm repository
HELMREPO_USERNAME The username to authenticate with
HELMREPO_PASSWORD The password for the username provided

Private Helm repository - S3

  • Add your S3 bucket URL in the following scheme: s3://bucketname.
  • Supply the AWS authentication variables as you would for the AWS CLI, or the S3 plugin for Helm. See details here: Configuring the AWS CLI.

Variables:

Name Description
REPOSITORY NAME Give a unique name to this integration
REPOSITORY URL Location of the Helm repository with format s3://bucketname
AWS_ACCESS_KEY_ID ID of the key with permissions for the bucket
AWS_SECRET_ACCESS_KEY Secret of the key with permissions for the bucket
AWS_DEFAULT_REGION region where the bucket was created

Private Helm repository - GCS

  • Add your GCS bucket URL in the following scheme: gs://bucketname.
  • Supply the Google authentication variable as you would for the GCloud CLI, or the GCS plugin for Helm. See details here: Creating Service Account.

Variables:

Name Description
REPOSITORY NAME Give a unique name to this integration
REPOSITORY URL Location of the Helm repository with format gs://bucketname.
GOOGLE_APPLICATION_CREDENTIALS_JSON The JSON content of the service account credentials

Private Helm repository - Azure

First make sure that you create the Helm repository in Azure.

Then click Authenticate. You will get a permissions dialog for allowing Codefresh to access the Azure services. Click Accept.

Make sure that you are using an organizational/company Azure account and not a personal one. We are currently working with Microsoft to improve this integration.

Selecting an Azure Helm repository

Selecting an Azure Helm repository

Select your Azure subscription on the left drop-down menu and your Helm repository on the right drop-down menu.

If you are already authenticated to Azure, and cannot find your Helm repository in the list, try revoking access and authenticating again.

The Azure Helm integration is now ready.

Private Helm repository - Azure with service principal

An alternative method of adding an Azure Helm repository is by using a service principal. First follow the instructions for creating a service principal in the Azure portal.

Then from the drop-down menu select Azure Registry SP. Click the Authenticate button and enter the following details:

  • Client ID
  • Tenant
  • Client secret

Azure Service principal details

Azure Service principal details

Click the Save button once finished. Assuming that the authentication is successful you will see your available Azure registries that can be used as a Helm repository.

Private Helm repository from another Codefresh account

You also add the private Helm repository of another Codefresh user as your integration:

Name Description
REPOSITORY NAME Give a unique name to this integration
REPOSITORY URL Location of the Helm repository with format cm://repository-name.
CF API KEY A token in order to access the other Codefresh account.

Note that we don’t recommend using this practice (sharing the Codefresh Helm repository between accounts). The built-in Helm repository of each account is best used as a private Helm repository of that account. See more details on how to make your private Helm public.