ChartMuseum

Chartmuseum is an artifact storage for Helm charts.

Chartmuseum is an artifact storage for Helm charts.

Dependencies

Installation

Provision S3 Bucket and IAM Role

Create a file in /conf/kops-aws-platform/chart-repo.tf with the following content

Chartmuseum S3 bucket and IAM role

module "kops_chart_repo" {
  source       = "git::https://github.com/cloudposse/terraform-aws-kops-chart-repo.git?ref=tags/0.1.1"
  namespace    = "${module.identity.namespace}"
  stage        = "${module.identity.stage}"
  name         = "chart-repo"
  cluster_name = "${module.identity.aws_region}.${module.identity.zone_name}"

  tags = {
    Cluster = "${module.identity.aws_region}.${module.identity.zone_name}"
  }
}

output "kops_chart_repo_bucket_domain_name" {
  value = "${module.kops_chart_repo.bucket_domain_name}"
}

output "kops_chart_repo_bucket_id" {
  value = "${module.kops_chart_repo.bucket_id}"
}

output "kops_chart_repo_bucket_arn" {
  value = "${module.kops_chart_repo.bucket_arn}"
}

output "kops_chart_repo_role_name" {
  value = "${module.kops_chart_repo.role_name}"
}

output "kops_chart_repo_role_unique_id" {
  value = "${module.kops_chart_repo.role_unique_id}"
}

output "kops_chart_repo_role_arn" {
  value = "${module.kops_chart_repo.role_arn}"
}

output "kops_chart_repo_policy_name" {
  value = "${module.kops_chart_repo.policy_name}"
}

output "kops_chart_repo_policy_id" {
  value = "${module.kops_chart_repo.policy_id}"
}

output "kops_chart_repo_policy_arn" {
  value = "${module.kops_chart_repo.policy_arn}"
}

Rebuild the Geodesic Module

Rebuild the module

make docker/build

Start the Geodesic Shell

Run the Geodesic shell followed by assume-role

$CLUSTER_NAME

Run the Geodesic Shell

staging.example.com
# Mounting /home/goruha into container
# Starting new staging.example.com session from cloudposse/staging.example.com:dev
# Exposing port 41179
* Started EC2 metadata service at http://169.254.169.254/latest

         _              _                                              _
     ___| |_ __ _  __ _(_)_ __   __ _    _____  ____ _ _ __ ___  _ __ | | ___
    / __| __/ _` |/ _` | | '_ \ / _` |  / _ \ \/ / _` | '_ ` _ \| '_ \| |/ _ \
    \__ \ || (_| | (_| | | | | | (_| | |  __/>  < (_| | | | | | | |_) | |  __/
    |___/\__\__,_|\__, |_|_| |_|\__, |  \___/_/\_\__,_|_| |_| |_| .__/|_|\___|
                  |___/         |___/                           |_|


IMPORTANT:
* Your $HOME directory has been mounted to `/localhost`
* Use `aws-vault` to manage your sessions
* Run `assume-role` to start a session


-> Run 'assume-role' to login to AWS
 ⧉  staging example
❌   (none) ~ ➤

Then login to AWS by running assume-role:

Assume role

❌   (none) conf ➤  assume-role
Enter passphrase to unlock /conf/.awsvault/keys/:
Enter token for arn:aws:iam::xxxxxxx:mfa/goruha: 781874
* Assumed role arn:aws:iam::xxxxxxx:role/OrganizationAccountAccessRole
-> Run 'init-terraform' to use this project
 ⧉  staging example
✅   (example-staging-admin) conf ➤

Provision Chamber Resources

Change directory to /conf/kops-aws-platform and run these commands to provision the chart-repo backend.

init-terraform
terraform plan
terraform apply

From the Terraform outputs, copy the following values into the environment variables * kops_chart_repo_bucket_bucket_id -> CHARTMUSEUM_STORAGE_AMAZON_BUCKET * kops_chart_repo_bucket_role_name -> CHARTMUSEUM_IAM_ROLE

terraform apply

✅   (example-staging-admin) kops-aws-platform ➤  terraform apply
null_resource.default: Refreshing state... (ID: 6903789342022752579)
data.aws_iam_role.nodes: Refreshing state...
data.aws_iam_role.nodes: Refreshing state...
data.aws_vpc.kops: Refreshing state...
data.aws_caller_identity.default: Refreshing state...
data.aws_caller_identity.current: Refreshing state...
data.aws_route53_zone.default: Refreshing state...
data.aws_iam_role.masters: Refreshing state...
data.aws_caller_identity.default: Refreshing state...
data.aws_iam_role.masters: Refreshing state...
data.aws_vpc.kops: Refreshing state...
data.aws_iam_policy_document.assume_role: Refreshing state...
aws_iam_role.default: Refreshing state... (ID: example-staging-external-dns)
data.aws_iam_policy_document.role_trust: Refreshing state...
data.aws_iam_policy_document.default: Refreshing state...
aws_iam_policy.default: Refreshing state... (ID: arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-external-dns)
aws_iam_role_policy_attachment.default: Refreshing state... (ID: example-staging-external-dns-20180523104524972800000001)
data.aws_subnet_ids.private: Refreshing state...
data.aws_security_group.bastion: Refreshing state...
data.aws_subnet_ids.utility: Refreshing state...
data.aws_security_group.masters: Refreshing state...
data.aws_security_group.nodes: Refreshing state...
data.aws_security_group.masters: Refreshing state...
data.aws_subnet_ids.utility: Refreshing state...
data.aws_subnet_ids.private: Refreshing state...
data.aws_security_group.nodes: Refreshing state...
data.aws_security_group.bastion: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

 <= module.kops_chart_repo.data.aws_iam_policy_document.default
      id:                                                                                                    <computed>
      json:                                                                                                  <computed>
      statement.#:                                                                                           "2"
      statement.0.actions.#:                                                                                 "1"
      statement.0.actions.486976917:                                                                         "s3:ListBucket"
      statement.0.effect:                                                                                    "Allow"
      statement.0.resources.#:                                                                               "1"
      statement.0.resources.2679715827:                                                                      "*"
      statement.1.actions.#:                                                                                 "3"
      statement.1.actions.2071725391:                                                                        "s3:GetObject"
      statement.1.actions.3009670498:                                                                        "s3:DeleteObject"
      statement.1.actions.315547055:                                                                         "s3:PutObject"
      statement.1.effect:                                                                                    "Allow"
      statement.1.resources.#:                                                                               <computed>

  + module.kops_chart_repo.aws_iam_policy.default
      id:                                                                                                    <computed>
      arn:                                                                                                   <computed>
      description:                                                                                           "Allow Kops nodes to get/put/delete objects from the chart repo S3 bucket"
      name:                                                                                                  "example-staging-chart-repo"
      path:                                                                                                  "/"
      policy:                                                                                                "${data.aws_iam_policy_document.default.json}"

  + module.kops_chart_repo.aws_iam_role.default
      id:                                                                                                    <computed>
      arn:                                                                                                   <computed>
      assume_role_policy:                                                                                    "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"Service\": \"ec2.amazonaws.com\"\n      }\n    },\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"AWS\": \"arn:aws:iam::XXXXXXXXXXXX:role/nodes.us-west-2.staging.example.com\"\n      }\n    }\n  ]\n}"
      create_date:                                                                                           <computed>
      description:                                                                                           "Allow Kops nodes to get/put/delete objects from the chart repo S3 bucket"
      force_detach_policies:                                                                                 "false"
      max_session_duration:                                                                                  "3600"
      name:                                                                                                  "example-staging-chart-repo"
      path:                                                                                                  "/"
      unique_id:                                                                                             <computed>

  + module.kops_chart_repo.aws_iam_role_policy_attachment.default
      id:                                                                                                    <computed>
      policy_arn:                                                                                            "${aws_iam_policy.default.arn}"
      role:                                                                                                  "example-staging-chart-repo"

  + module.kops_chart_repo.aws_s3_bucket.default
      id:                                                                                                    <computed>
      acceleration_status:                                                                                   <computed>
      acl:                                                                                                   "private"
      arn:                                                                                                   <computed>
      bucket:                                                                                                "example-staging-chart-repo"
      bucket_domain_name:                                                                                    <computed>
      force_destroy:                                                                                         "false"
      hosted_zone_id:                                                                                        <computed>
      region:                                                                                                <computed>
      request_payer:                                                                                         <computed>
      server_side_encryption_configuration.#:                                                                "1"
      server_side_encryption_configuration.0.rule.#:                                                         "1"
      server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.#:               "1"
      server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.0.sse_algorithm: "AES256"
      tags.%:                                                                                                "4"
      tags.Cluster:                                                                                          "us-west-2.staging.example.com"
      tags.Name:                                                                                             "example-staging-chart-repo"
      tags.Namespace:                                                                                        "example"
      tags.Stage:                                                                                            "staging"
      versioning.#:                                                                                          "1"
      versioning.0.enabled:                                                                                  "true"
      versioning.0.mfa_delete:                                                                               "false"
      website_domain:                                                                                        <computed>
      website_endpoint:                                                                                      <computed>

  + module.kops_chart_repo.module.label.null_resource.default
      id:                                                                                                    <computed>
      triggers.%:                                                                                            "5"
      triggers.attributes:                                                                                   ""
      triggers.id:                                                                                           "example-staging-chart-repo"
      triggers.name:                                                                                         "chart-repo"
      triggers.namespace:                                                                                    "example"
      triggers.stage:                                                                                        "staging"


Plan: 5 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.kops_chart_repo.module.label.null_resource.default: Creating...
  triggers.%:          "" => "5"
  triggers.attributes: "" => ""
  triggers.id:         "" => "example-staging-chart-repo"
  triggers.name:       "" => "chart-repo"
  triggers.namespace:  "" => "example"
  triggers.stage:      "" => "staging"
module.kops_chart_repo.module.label.null_resource.default: Creation complete after 0s (ID: 1148822555500323326)
module.kops_chart_repo.aws_iam_role.default: Creating...
  arn:                   "" => "<computed>"
  assume_role_policy:    "" => "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"Service\": \"ec2.amazonaws.com\"\n      }\n    },\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"AWS\": \"arn:aws:iam::XXXXXXXXXXXX:role/nodes.us-west-2.staging.example.com\"\n      }\n    }\n  ]\n}"
  create_date:           "" => "<computed>"
  description:           "" => "Allow Kops nodes to get/put/delete objects from the chart repo S3 bucket"
  force_detach_policies: "" => "false"
  max_session_duration:  "" => "3600"
  name:                  "" => "example-staging-chart-repo"
  path:                  "" => "/"
  unique_id:             "" => "<computed>"
module.kops_chart_repo.aws_s3_bucket.default: Creating...
  acceleration_status:                                                                                   "" => "<computed>"
  acl:                                                                                                   "" => "private"
  arn:                                                                                                   "" => "<computed>"
  bucket:                                                                                                "" => "example-staging-chart-repo"
  bucket_domain_name:                                                                                    "" => "<computed>"
  force_destroy:                                                                                         "" => "false"
  hosted_zone_id:                                                                                        "" => "<computed>"
  region:                                                                                                "" => "<computed>"
  request_payer:                                                                                         "" => "<computed>"
  server_side_encryption_configuration.#:                                                                "" => "1"
  server_side_encryption_configuration.0.rule.#:                                                         "" => "1"
  server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.#:               "" => "1"
  server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.0.sse_algorithm: "" => "AES256"
  tags.%:                                                                                                "" => "4"
  tags.Cluster:                                                                                          "" => "us-west-2.staging.example.com"
  tags.Name:                                                                                             "" => "example-staging-chart-repo"
  tags.Namespace:                                                                                        "" => "example"
  tags.Stage:                                                                                            "" => "staging"
  versioning.#:                                                                                          "" => "1"
  versioning.0.enabled:                                                                                  "" => "true"
  versioning.0.mfa_delete:                                                                               "" => "false"
  website_domain:                                                                                        "" => "<computed>"
  website_endpoint:                                                                                      "" => "<computed>"
module.kops_chart_repo.aws_iam_role.default: Creation complete after 2s (ID: example-staging-chart-repo)
module.kops_chart_repo.aws_s3_bucket.default: Still creating... (10s elapsed)
module.kops_chart_repo.aws_s3_bucket.default: Still creating... (20s elapsed)
module.kops_chart_repo.aws_s3_bucket.default: Creation complete after 23s (ID: example-staging-chart-repo)
module.kops_chart_repo.data.aws_iam_policy_document.default: Refreshing state...
module.kops_chart_repo.aws_iam_policy.default: Creating...
  arn:         "" => "<computed>"
  description: "" => "Allow Kops nodes to get/put/delete objects from the chart repo S3 bucket"
  name:        "" => "example-staging-chart-repo"
  path:        "" => "/"
  policy:      "" => "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"s3:ListBucket\",\n      \"Resource\": \"*\"\n    },\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:PutObject\",\n        \"s3:GetObject\",\n        \"s3:DeleteObject\"\n      ],\n      \"Resource\": \"arn:aws:s3:::example-staging-chart-repo/*\"\n    }\n  ]\n}"
module.kops_chart_repo.aws_iam_policy.default: Creation complete after 1s (ID: arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-chart-repo)
module.kops_chart_repo.aws_iam_role_policy_attachment.default: Creating...
  policy_arn: "" => "arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-chart-repo"
  role:       "" => "example-staging-chart-repo"
module.kops_chart_repo.aws_iam_role_policy_attachment.default: Creation complete after 3s (ID: example-staging-chart-repo-20180531112544049600000001)

Apply complete! Resources: 5 added, 0 changed, 0 destroyed.

Outputs:

kops_chart_repo_bucket_bucket_arn = arn:aws:s3:::example-staging-chart-repo
kops_chart_repo_bucket_bucket_id = example-staging-chart-repo
kops_chart_repo_bucket_domain_name = example-staging-chart-repo.s3.amazonaws.com
kops_chart_repo_bucket_policy_arn = arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-chart-repo
kops_chart_repo_bucket_policy_id = arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-chart-repo
kops_chart_repo_bucket_policy_name = example-staging-chart-repo
kops_chart_repo_bucket_role_arn = arn:aws:iam::XXXXXXXXXXXX:role/example-staging-chart-repo
kops_chart_repo_bucket_role_name = example-staging-chart-repo
kops_chart_repo_bucket_role_unique_id = XXXXXXXXXXXXXXXXXXXX
kops_external_dns_policy_arn = arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-external-dns
kops_external_dns_policy_id = arn:aws:iam::XXXXXXXXXXXX:policy/example-staging-external-dns
kops_external_dns_policy_name = example-staging-external-dns
kops_external_dns_role_arn = arn:aws:iam::XXXXXXXXXXXX:role/example-staging-external-dns
kops_external_dns_role_name = example-staging-external-dns
kops_external_dns_role_unique_id = XXXXXXXXXXXXXXXXXXXXX

In the example the bucket name is kops_chart_repo_bucket_bucket_id = example-staging-chart-repo. IAM role is kops_chart_repo_bucket_role_name = example-staging-chart-repo.

Install Chart

To install the chartmuseum, you will need to define the hostname, which is the FQHN used to access the chartmuseum.

In our example, we use charts.us-west-2.staging.example.com as the FQHN. Replace this with an appropriate value to suit your specific project.

You can install chartmuseum in a few different ways, but we recommend using the Helmfile.

Install with Master Helmfile

Breaking changes

If you are updating Geodesic to >= 0.9.29 from previous version pay attention to

  • Starting from 0.9.29 using aws s3 as default storage (previously local disk used), so after update your current charts would be lost
  • chart-repo release was depricated, so please remove it with command
helm delete --purge chart-repo
  • Naming of environment variables changed, so update the values with chamber and delete unnessasery old ones
prior 0.9.29 after 0.9.29
CHART_REPO_IMAGE_TAG REMOVED
CHART_REPO_STORAGE REMOVED
CHART_REPO_DEBUG CHARTMUSEUM_DEBUG
CHART_REPO_STORAGE_AMAZON_BUCKET CHARTMUSEUM_STORAGE_AMAZON_BUCKET
CHART_REPO_STORAGE_AMAZON_PREFIX CHARTMUSEUM_STORAGE_AMAZON_PREFIX
CHART_REPO_STORAGE_AMAZON_REGION CHARTMUSEUM_STORAGE_AMAZON_REGION
CHART_REPO_STORAGE_AWS_IAM_ROLE CHARTMUSEUM_IAM_ROLE
CHART_REPO_SERVER_SECRET_NAME CHARTMUSEUM_SECRET_NAME
CHART_REPO_SERVER_HOSTNAME CHARTMUSEUM_HOSTNAME
CHART_REPO_SERVER_REPLICA_COUNT REMOVED
CHART_REPO_SERVER_TTL REMOVED
CHART_REPO_SERVER_BASIC_AUTH_USER CHARTMUSEUM_BASIC_AUTH_USER
CHART_REPO_SERVER_BASIC_AUTH_PASS CHARTMUSEUM_BASIC_AUTH_PASS
CHART_REPO_GATEWAY_HOSTNAME CHARTMUSEUM_API_HOSTNAME
CHART_REPO_GATEWAY_INGRESS REMOVED
CHART_REPO_GATEWAY_REPLICA_COUNT REMOVED
CHART_REPO_GATEWAY_SECRET_NAME CHARTMUSEUM_API_SECRET_NAME
CHART_REPO_GATEWAY_BASIC_AUTH_USER CHARTMUSEUM_API_BASIC_AUTH_USER
CHART_REPO_GATEWAY_BASIC_AUTH_PASS CHARTMUSEUM_API_BASIC_AUTH_PASS

Master Helmfile provides two releases of chartmuseum: * charts - Chartmuseum that serve charts * charts-api - Chartmuseum that provide api gateway to publish charts.

These releases share the same environment variables. charts-api gateway will be available on the subdomain api for the FQHN. In our example it would be api.charts.us-west-2.staging.example.com.

To install releases follow these instructions: 1. Set the CHARTMUSEUM_STORAGE_AMAZON_BUCKET secret with chamber to the value copied from the Terraform output 2. Set the CHARTMUSEUM_STORAGE_AMAZON_REGION secret with chamber 3. Set the CHARTMUSEUM_IAM_ROLE secret with chamber to the value copied from the Terraform output 4. Set the CHARTMUSEUM_INGRESS secret with chamber provided by Nginx ingress 5. Set the CHARTMUSEUM_HOSTNAME secret with chamber 6. Run the following commands to install chartmuseum.

Install chartmuseum

chamber write kops CHARTMUSEUM_STORAGE_AMAZON_BUCKET example-staging-chart-repo
chamber write kops CHARTMUSEUM_STORAGE_AMAZON_REGION us-west-2
chamber write kops CHARTMUSEUM_IAM_ROLE example-staging-chart-repo
chamber write kops CHARTMUSEUM_INGRESS ingress.us-west-2.staging.example.com
chamber write kops CHARTMUSEUM_HOSTNAME charts.us-west-2.staging.example.com
chamber exec kops -- helmfile --selector chart=chartmuseum sync

These are the environment variables you will need to set to configure chartmuseum:

  • CHARTMUSEUM_BASIC_AUTH_USER - HTTP basic authenticate username
  • CHARTMUSEUM_BASIC_AUTH_PASS - HTTP basic authenticate password
  • CHARTMUSEUM_API_BASIC_AUTH_USER - HTTP basic authenticate username for charts-api
  • CHARTMUSEUM_API_BASIC_AUTH_PASS - HTTP basic authenticate password for charts-api
  • CHARTMUSEUM_SECRET_NAME - Secret name to store TLS generated with Kube Lego
  • CHARTMUSEUM_API_SECRET_NAME - Secret name to store TLS generated with Kube Lego for charts-api
  • CHARTMUSEUM_STORAGE_AMAZON_PREFIX - Prefix path to store charts in S3 bucket

Environment variables can be specified in the Geodesic Module’s Dockerfile or using Chamber storage, which is recommended for all secrets.

Install with Custom Helmfile

Add this code to your Kubernetes Backing Services Helmfile:

helmfile

repositories:
- name: "stable"
  url: "https://kubernetes-charts.storage.googleapis.com"

releases:
- name: "charts"
  namespace: "kube-system"
  labels:
    chart: "chartmuseum"
    component: "platform"
    namespace: "kube-system"
    vendor: "kubernetes-helm"
    default: "true"
  chart: "stable/chartmuseum"
  version: "1.4.0"
  set:
    - name: "env.open.DISABLE_API"
      value: "true"

    - name: "env.open.ALLOW_OVERWRITE"
      value: "false"

    - name: "env.open.STORAGE"
      value: "amazon"

    - name: "env.open.STORAGE_AMAZON_BUCKET"
      value: 'example-staging-charts-bucket'

    - name: "env.open.STORAGE_AMAZON_REGION"
      value: 'us-west-2'

    - name: "env.secret.BASIC_AUTH_USER"
      value: 'admin'

    - name: "env.secret.BASIC_AUTH_PASS"
      value: 'admin'

    - name: "replica.annotations.iam\\.amazonaws\\.com/role"
      value: 'example-staging-iam-role'

    - name: "resources.limits.cpu"
      value: "100m"

    - name: "resources.limits.memory"
      value: "512Mi"

    - name: "requests.cpu"
      value: "5m"

    - name: "requests.memory"
      value: "256Mi"

    - name: "ingress.enabled"
      value: "true"

    - name: "ingress.annotations.kubernetes\\.io/ingress\\.class"
      value: "nginx"

    - name: "ingress.annotations.external-dns\\.alpha\\.kubernetes\\.io/target"
      value: 'ingress.us-west-2.staging.example.com'

    - name: "ingress.hosts.charts\\.us-west-2\\.staging\\.example\\.com[0]"
      value: "/charts"

    - name: 'ingress.hosts.charts\\.us-west-2\\.staging\\.example\\.com[1]'
      value: "/index.yaml"

    - name: "ingress.tls[0].hosts[0]"
      value: 'charts.us-west-2.staging.example.com'

- name: "charts-api"
  namespace: "kube-system"
  labels:
    chart: "chartmuseum-api"
    component: "platform"
    namespace: "kube-system"
    vendor: "kubernetes-helm"
    default: "true"
  chart: "stable/chartmuseum"
  version: "1.4.0"
  values:
    - "values/chartmuseum.yaml"
  set:

    - name: "env.open.DISABLE_API"
      value: "false"

    - name: "env.open.ALLOW_OVERWRITE"
      value: "true"

    - name: "env.open.STORAGE"
      value: "amazon"

    - name: "env.open.STORAGE_AMAZON_BUCKET"
      value: 'example-staging-charts-bucket'

    - name: "env.open.STORAGE_AMAZON_REGION"
      value: 'us-west-2'

    - name: "env.secret.BASIC_AUTH_USER"
      value: 'admin'

    - name: "env.secret.BASIC_AUTH_PASS"
      value: 'admin'

    - name: "replica.annotations.iam\\.amazonaws\\.com/role"
      value: 'example-staging-iam-role'

    - name: "resources.limits.cpu"
      value: "100m"

    - name: "resources.limits.memory"
      value: "512Mi"

    - name: "requests.cpu"
      value: "5m"

    - name: "requests.memory"
      value: "256Mi"

    - name: "ingress.enabled"
      value: "true"

    - name: "ingress.annotations.kubernetes\\.io/ingress\\.class"
      value: "nginx"

    - name: "ingress.annotations.external-dns\\.alpha\\.kubernetes\\.io/target"
      value: 'ingress.us-west-2.staging.example.com'

    - name: "ingress.hosts.api\\.charts\\.us-west-2\\.staging\\.example\\.com[0]"
      value: "/api"

    - name: "ingress.tls[0].hosts[0]"
      value: 'api.charts.us-west-2.staging.example.com'

Then follow the instructions for running helmfile sync.

Usage

Read chart museum documentation for more information on chartmuseum usage.