Deployment of chartmuseum for hosting helm charts

Purpose

The goal of this paper is to outline the system requirements and deployment methods for the chart museum and its prerequisites.

Pre-requisites for chartmuseum

1) Docker

2) Docker compose

3) Certgen

Step 1: Install Certgen

1. Download the latest version with the following command

BASH

wget https://github.com/minio/certgen/releases/download/v1.2.0/certgen_1.2.0_linux_amd64.deb

2. install it with the following command

BASH

sudo dpkg -i certgen_1.2.0_linux_amd64.deb

Step 2: Deployments step

1. Create the directory

BASH

 mkdir chartmeuseum

BASH

cd chartmeuseum

2. Generate the charter.conf file

BASH

cat<<EOF| tee charter.conf
---
server {
    listen 0.0.0.0:8080;
    server_name charts.expertflow.com;
#    access_log /opt/bitnami/nginx/logs/yourapp_access.log;
#    error_log /opt/bitnami/nginx/logs/yourapp_error.log;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://charter:8080;
        proxy_redirect off;
    }
    location /ui/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://ui:8080/;
        proxy_redirect off;
    }
    location /gui/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://gui:3000/;
        proxy_redirect off;
    }
}
EOF

3. Create the docker-compose.yaml file for deploying Nginx, chartmuseum, and minio.

BASH

cat<<EOF| tee docker-compose.yaml 
 ---

version: '2'

services:
  gui:
#    image: moreillon/chartmuseum-gui:latest
    image: moreillon/chartmuseum-gui:3786d02d
    environment:
      PUBLIC_CHARTMUSEUM_URL: http://charter:8080
      PATH_BASE: "/gui"
#    ports:
#      - 3000:3000
    networks:
      - charter

  ui:
    image: idobry/chartmuseumui:latest
    environment:
      CHART_MUSEUM_URL: "http://charter:8080"
#   ports:
#    - 80:8080
    networks:
      - charter

  nginx:
    image: bitnami/nginx:1.23
    ports:
      - '80:8080'
    volumes:
      - /root/chartmeuseum/charter.conf:/opt/bitnami/nginx/conf/server_blocks/charter.conf:ro
    networks:
      - charter

  minio:
    image: bitnami/minio:latest
#   image: localminio:2023.1
#    ports:
#      - '9000:9000'
#      - '9001:9001'
    environment:
       - BITNAMI_DEBUG=true
       - MINIO_ROOT_USER=expertflow
       - MINIO_ROOT_PASSWORD=expertflow123
       - MINIO_DEFAULT_BUCKETS=expertflow
       - MINIO_SCHEME=https
#       - MINIO_SKIP_CLIENT=yes
    volumes:
      - minio_data:/data
      - ./certs:/certs
    networks:
      - charter

  charter:
    image: bitnami/chartmuseum:latest
#    ports:
#     - '8080:8080'
    environment:
     - PORT=8080
     - DEBUG=1
     - STORAGE=amazon
     - STORAGE_AMAZON_BUCKET=expertflow
     - STORAGE_AMAZON_PREFIX=""
     - STORAGE_AMAZON_REGION=us-east-1
     - STORAGE_AMAZON_ENDPOINT=minio:9000
     - AWS_ACCESS_KEY_ID=expertflow
     - AWS_SECRET_ACCESS_KEY=expertflow123
     - AWS_INSECURE_SKIP_VERIFY=true
    depends_on:
     minio:
       condition: service_started
    networks:
      - charter
volumes:
  minio_data:
    driver: local
  charts:
    driver: local

networks:
  charter:
    external: true

4. Create another directory with the following command

BASH

mkdir certs

5. Change the permission for the certs directory

BASH

chown -R 1001:1001 certs

and

BASH

cd certs

6. Generate certificates using certgen for the minio

BASH

certgen --host "localhost,minio"

7. Create the directory for certs

BASH

 mkdir CAs

8. Copy the certs to CAs directory

BASH

cp public.crt CAs/

BASH

cd ../

9. Now apply the docker-compose file.

BASH

docker-compose up -d
docker-compose up -d ( 2nd time is required for the chartmeuseum )