MCPcopy Index your code
hub / github.com/helm/chartmuseum

github.com/helm/chartmuseum @v0.16.5 sqlite

repository ↗ · DeepWiki ↗ · release v0.16.5 ↗
321 symbols 892 edges 41 files 69 documented · 21%
README

ChartMuseum

GitHub Actions status Go Report Card GoDoc

ChartMuseum is an open-source Helm Chart Repository server written in Go (Golang), with support for cloud storage backends, including Google Cloud Storage, Amazon S3, Microsoft Azure Blob Storage, Alibaba Cloud OSS Storage, Openstack Object Storage, Oracle Cloud Infrastructure Object Storage, Baidu Cloud BOS Storage, Tencent Cloud Object Storage, DigitalOcean Spaces, Minio, and etcd.

Works as a valid Helm Chart Repository, and also provides an API for uploading charts.

Powered by some great Go technology: - helm/helm - for working with charts - gin-gonic/gin - for HTTP routing - urfave/cli - for command line option parsing - spf13/viper - for configuration - uber-go/zap - for logging - chartmuseum/auth - for auth - chartmuseum/storage - for multi-cloud storage

API

Helm Chart Repository

  • GET /index.yaml - retrieved when you run helm repo add chartmuseum http://localhost:8080/
  • GET /charts/mychart-0.1.0.tgz - retrieved when you run helm install chartmuseum/mychart
  • GET /charts/mychart-0.1.0.tgz.prov - retrieved when you run helm install with the --verify flag

Chart Manipulation

  • POST /api/charts - upload a new chart version
  • POST /api/prov - upload a new provenance file
  • DELETE /api/charts/<name>/<version> - delete a chart version (and corresponding provenance file)
  • GET /api/charts - list all charts
  • GET /api/charts/<name> - list all versions of a chart
  • GET /api/charts/<name>/<version> - describe a chart version
  • GET /api/charts/<name>/<version>/templates - get chart template
  • GET /api/charts/<name>/<version>/values - get chart values
  • HEAD /api/charts/<name> - check if chart exists (any versions)
  • HEAD /api/charts/<name>/<version> - check if chart version exists

Server Info

  • GET / - HTML welcome page
  • GET /info - returns current ChartMuseum version
  • GET /health - returns 200 OK

Uploading a Chart Package

Follow "How to Run" section below to get ChartMuseum up and running at http://localhost:8080

First create mychart-0.1.0.tgz using the Helm CLI:

cd mychart/
helm package .

Upload mychart-0.1.0.tgz:

curl --data-binary "@mychart-0.1.0.tgz" http://localhost:8080/api/charts

If you've signed your package and generated a provenance file, upload it with:

curl --data-binary "@mychart-0.1.0.tgz.prov" http://localhost:8080/api/prov

Both files can also be uploaded at once (or one at a time) on the /api/charts route using the multipart/form-data format:

curl -F "chart=@mychart-0.1.0.tgz" -F "prov=@mychart-0.1.0.tgz.prov" http://localhost:8080/api/charts

You can also use the helm-push plugin:

helm cm-push mychart/ chartmuseum

Installing Charts into Kubernetes

Add the URL to your ChartMuseum installation to the local repository list:

helm repo add chartmuseum http://localhost:8080

Search for charts:

helm search repo chartmuseum/

Install chart:

helm install chartmuseum/mychart --generate-name

How to Run

CLI

Installation

You can use the installer script:

curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash

or download manually from the releases page, which also contains all package checksums and signatures.

Determine your version with chartmuseum --version.

Configuration

Show all CLI options with chartmuseum --help. Common configurations can be seen below.

All command-line options can be specified as environment variables, which are defined by the command-line option, capitalized, with all -'s replaced with _'s.

For example, the env var STORAGE_AMAZON_BUCKET can be used in place of --storage-amazon-bucket.

Using a configuration file

Use chartmuseum --config config.yaml to read configuration from a file.

When using file-based configuration, the corresponding option name can be looked up in pkg/config/vars.go. It would be the key of configVars entry corresponding to the command line option / environment variable. For example, --storage corresponds to storage.backend in the configuration file.

Here's a complete example of a config.yaml:

debug: true
port: 8080
storage.backend: local
storage.local.rootdir: <storage_path>
bearerauth: 1
authrealm: <authorization server url>
authservice: <authorization server service name>
authcertpath: <path to authorization server public pem file>
authactionssearchpath: <optional: JMESPath to find allowed actions in a jwt token>
depth: 2

Using with Amazon S3 or Compatible services like Minio or DigitalOcean.

Make sure your environment is properly setup to access my-s3-bucket

For Amazon S3, endpoint is automatically inferred.

chartmuseum --debug --port=8080 \
  --storage="amazon" \
  --storage-amazon-bucket="my-s3-bucket" \
  --storage-amazon-prefix="" \
  --storage-amazon-region="us-east-1"

For S3 compatible services like Minio, set the credentials using environment variables and pass the endpoint.

export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
chartmuseum --debug --port=8080 \
  --storage="amazon" \
  --storage-amazon-bucket="my-s3-bucket" \
  --storage-amazon-prefix="" \
  --storage-amazon-region="us-east-1" \
  --storage-amazon-endpoint="my-s3-compatible-service-endpoint"

You need at least the following permissions inside your IAM Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListObjects",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::my-s3-bucket"
    },
    {
      "Sid": "AllowObjectsCRUD",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-s3-bucket/*"
    }
  ]
}

In order to work with AWS service accounts you may need to set AWS_SDK_LOAD_CONFIG=1 in your environment. For more context, please see here.

If you are using S3-Compatible storage, provider of S3 storage has disabled path-style and force virtual hosted-style, you can use specify storage-amazon-force-path-style options as following example:

export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
chartmuseum --debug --port=8080 \
  --storage="amazon" \
  --storage-amazon-bucket="my-s3-bucket" \
  --storage-amazon-prefix="" \
  --storage-amazon-region="us-east-1" \
  --storage-amazon-endpoint="my-s3-compatible-service-endpoint"
  --storage-amazon-force-path-style=false

For DigitalOcean, set the credentials using environment variable and pass the endpoint. Note below, that the region us-east-1 needs to be set, since that is how the DigitalOcean cli implementation functions. The actual region of your spaces location is defined by the endpoint. Below we are using Frankfurt as an example.

export AWS_ACCESS_KEY_ID="spaces_access_key"
export AWS_SECRET_ACCESS_KEY="spaces_secret_key"
  chartmuseum --debug --port=8080 \
  --storage="amazon" \
  --storage-amazon-bucket="my_spaces_name" \
  --storage-amazon-prefix="my_spaces_name_subfolder" \
  --storage-amazon-region="us-east-1" \
  --storage-amazon-endpoint="https://fra1.digitaloceanspaces.com"

The access_key and secret_key can be generated from the DigitalOcean console, under the section API/Spaces_access_keys.

Note: on certain S3-based storage backends, the LastModified field on objects is truncated to the nearest second. For more info, please see issue #152.

In order to mitigate this, you may use use the --storage-timestamp-tolerance option. For example, to round to the nearest second, you could use --storage-timestamp-tolerance=1s. For acceptable values to use for this field, please see here.

Using with Google Cloud Storage

Make sure your environment is properly setup to access my-gcs-bucket.

One way to do so is to set the GOOGLE_APPLICATION_CREDENTIALS var in your environment, pointing to the JSON file containing your service account key:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json"

More info on Google Cloud authentication can be found here.

chartmuseum --debug --port=8080 \
  --storage="google" \
  --storage-google-bucket="my-gcs-bucket" \
  --storage-google-prefix=""

Using with Microsoft Azure Blob Storage

Make sure your environment is properly setup to access mycontainer.

To do so, you must set the following env vars: - AZURE_STORAGE_ACCOUNT - AZURE_STORAGE_ACCESS_KEY

chartmuseum --debug --port=8080 \
  --storage="microsoft" \
  --storage-microsoft-container="mycontainer" \
  --storage-microsoft-prefix=""

Using with Alibaba Cloud OSS Storage

Make sure your environment is properly setup to access my-oss-bucket.

To do so, you must set the following env vars: - ALIBABA_CLOUD_ACCESS_KEY_ID - ALIBABA_CLOUD_ACCESS_KEY_SECRET

chartmuseum --debug --port=8080 \
  --storage="alibaba" \
  --storage-alibaba-bucket="my-oss-bucket" \
  --storage-alibaba-prefix="" \
  --storage-alibaba-endpoint="oss-cn-beijing.aliyuncs.com"

Using with Openstack Object Storage

Make sure your environment is properly setup to access mycontainer.

To do so, you must set the following env vars (depending on your openstack version): - OS_AUTH_URL - either OS_PROJECT_NAME or OS_TENANT_NAME or OS_PROJECT_ID or OS_TENANT_ID - either OS_DOMAIN_NAME or OS_DOMAIN_ID - either OS_USERNAME or OS_USERID - OS_PASSWORD

chartmuseum --debug --port=8080 \
  --storage="openstack" \
  --storage-openstack-container="mycontainer" \
  --storage-openstack-prefix="" \
  --storage-openstack-region="myregion"

For Swift V1 Auth you must set the following env vars: - ST_AUTH - ST_USER - ST_KEY

chartmuseum --debug --port=8080 \
  --storage="openstack" \
  --storage-openstack-auth="v1" \
  --storage-openstack-container="mycontainer" \
  --storage-openstack-prefix=""

Using with Oracle Cloud Infrastructure Object Storage

Make sure your environment is properly setup to access my-ocs-bucket.

More info on Oracle Cloud Infrastructure authentication can be found here.

chartmuseum --debug --port=8080 \
  --storage="oracle" \
  --storage-oracle-bucket="my-ocs-bucket" \
  --storage-oracle-prefix="" \
  --storage-oracle-compartmentid="ocid1.compartment.oc1..1234"

Using with Baidu Cloud BOS Storage

Make sure your environment is properly setup to access my-bos-bucket.

To do so, you must set the following env vars: - BAIDU_CLOUD_ACCESS_KEY_ID - BAIDU_CLOUD_ACCESS_KEY_SECRET

chartmuseum --debug --port=8080 \
  --storage="baidu" \
  --storage-baidu-bucket="my-bos-bucket" \
  --storage-baidu-prefix="" \
  --storage-baidu-endpoint="bj.bcebos.com"

Using with Tencent Cloud COS Storage

Make sure your environment is properly setup to access my-cos-bucket.

To do so, you must set the following env vars: - TENCENT_CLOUD_COS_SECRET_ID - TENCENT_CLOUD_COS_SECRET_KEY

chartmuseum --debug --port=8080 \
  --storage="tencent" \
  --storage-tencent-bucket="my-cos-bucket" \
  --storage-tencent-prefix="" \
  --storage-tencent-endpoint="cos.ap-beijing.myqcloud.com"

Using with etcd

To use etcd as backend you need the CA certificate and the signed key pair. See here

chartmuseum --debug --port=8080 \
  --storage="etcd" \
  --storage-etcd-cafile="/path/to/ca.crt" \
  --storage-etcd-certfile="/path/to/server.crt" \
  --storage-etcd-keyfile="/path/to/server.key" \
  --storage-etcd-prefix="" \
  --storage-etcd-endpoint="http://localhost:2379"

Using with local filesystem storage

Make sure you have re

Extension points exported contracts — how you extend this code

Store (Interface)
Store is a generic interface for cache stores [1 implementers]
pkg/cache/store.go
Server (Interface)
Server is a generic interface for web servers [1 implementers]
pkg/chartmuseum/server.go
LoggingFn (FuncType)
LoggingFn is generic logging function with some additional context
pkg/chartmuseum/logger/logger.go
RequestCounterURLLabelMappingFn (FuncType)
* RequestCounterURLLabelMappingFn is a function which can be supplied to the middleware to control the cardinality of th
pkg/chartmuseum/router/prometheus.go

Core symbols most depended-on inside this repo

match
called by 40
pkg/chartmuseum/router/match.go
Get
called by 38
pkg/cache/store.go
Set
called by 32
pkg/cache/store.go
NewMultiTenantServer
called by 21
pkg/chartmuseum/server/multitenant/server.go
ContextLoggingFn
called by 20
pkg/chartmuseum/logger/logger.go
String
called by 18
pkg/config/vars.go
ChartVersionFromStorageObject
called by 14
pkg/repo/chart.go
crashIfConfigMissingVars
called by 13
cmd/chartmuseum/main.go

Shape

Method 196
Function 69
Struct 43
Class 5
FuncType 3
TypeAlias 3
Interface 2

Languages

Go91%
Python9%

Modules by API surface

pkg/chartmuseum/server/multitenant/server_test.go29 symbols
pkg/chartmuseum/server/multitenant/handlers.go27 symbols
pkg/chartmuseum/server/multitenant/cache.go26 symbols
pkg/chartmuseum/router/prometheus.go24 symbols
cmd/chartmuseum/main.go16 symbols
acceptance_tests/lib/ChartMuseum.py13 symbols
pkg/repo/index_test.go11 symbols
pkg/repo/index.go11 symbols
pkg/chartmuseum/logger/logger.go11 symbols
pkg/chartmuseum/server/multitenant/server.go10 symbols
pkg/chartmuseum/server/multitenant/api.go10 symbols
pkg/config/config.go8 symbols

Dependencies from manifests, versioned

cloud.google.com/gov0.112.0 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
cloud.google.com/go/storagev1.36.0 · 1×
github.com/Azure/azure-sdk-for-gov68.0.0+incompatible · 1×
github.com/Azure/go-ansitermv0.0.0-2025010203350 · 1×
github.com/Azure/go-autorestv14.2.0+incompatible · 1×
github.com/Azure/go-autorest/autorestv0.11.27 · 1×
github.com/Azure/go-autorest/autorest/adalv0.9.20 · 1×
github.com/Azure/go-autorest/autorest/datev0.3.0 · 1×
github.com/Azure/go-autorest/loggerv0.2.1 · 1×
github.com/Azure/go-autorest/tracingv0.6.0 · 1×

For agents

$ claude mcp add chartmuseum \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact