Helm Charts and Apps
In this section, you'll learn how to manage Helm chart repositories and apps in Rancher.
Catalogs and Changes in Rancher v2.5
In Rancher v2.5, the Apps and Marketplace feature replaces the catalog system.
In the cluster manager, Rancher uses a catalog system to import bundles of charts and then uses those charts to either deploy custom Kubernetes applications or Rancher's tools such as Monitoring or Istio. The catalog system is still available in the cluster manager in Rancher v2.5, but it is deprecated.
How Helm Charts Work in Rancher
Now in the Cluster Explorer, Rancher uses a similar but simplified version of the same system. Repositories can be added in the same way that catalogs were, but are specific to the current cluster. Rancher tools come as pre-loaded repositories which deploy as standalone Helm charts.
Charts
From the top-left menu select Apps & Marketplace and you will be taken to the Charts page.
The Charts page contains all Rancher, Partner, and Custom charts.
- Rancher tools such as Logging or Monitoring are included under the Rancher label.
- Partner charts reside under the Partners label.
- Custom charts will show up under the name of the repository.
All three types are deployed and managed in the same way.
Apps managed by the Cluster Manager should continue to be managed only by the Cluster Manager, and apps managed with the Cluster Explorer must be managed only by the Cluster Explorer.
Repositories
From the left sidebar select Repositories.
These items represent Helm repositories, and can be either traditional Helm endpoints which have an index.yaml, or Git repositories which will be cloned and can point to a specific branch. In order to use custom charts, simply add your repository here and they will become available in the Charts tab under the name of the repository.
Add Custom Git Repositories
Click Create and select the target, Git repository containing Helm chart... to add a custom Git repository that contains your Helm charts or cluster template definitions.
You must enter a name and a Git repository URL. The other fields, including the description, are optional. Enter an alternative branch name if you don't want to pull from whichever branch the repo owner has set as the default. Usually, the default branch is either main
or master
.
Whenever you add a chart repository to Rancher, it becomes available immediately.
Add Custom Helm Chart Repositories
You can add your own Helm chart repositories to serve chart packages to Rancher. You can use any HTTP server, as long as the server can respond to GET requests and serve YAML files and tar archives.
For more information on Helm chart repositories, see the official Helm docs.
To add a custom Helm chart repository to Rancher, click Create and select http(s) URL to an index generated by Helm as the target. Enter a repo name and the index URL address of the chart repository.
Add Private Git/Helm Chart Repositories
You can add private Git or Helm chart repositories with SSH key credentials or an HTTP basic auth secret, such as a username and password.
Add a Private CA to Repositories
To add a private CA to Helm chart repositories:
HTTP-based chart repositories: You must add a base64 encoded copy of the CA certificate in DER format to the spec.caBundle field of the chart repo, such as
openssl x509 -outform der -in ca.pem | base64 -w0
. Click Edit YAML for the chart repo and set, as in the following example:[...]
spec:
caBundle:
MIIFXzCCA0egAwIBAgIUWNy8WrvSkgNzV0zdWRP79j9cVcEwDQYJKoZIhvcNAQELBQAwPzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQKDAtNeU9yZywgSW5jLjENMAsGA1UEAwwEcm9vdDAeFw0yMTEyMTQwODMyMTdaFw0yNDEwMDMwODMyMT
...
nDxZ/tNXt/WPJr/PgEB3hQdInDWYMg7vGO0Oz00G5kWg0sJ0ZTSoA10ZwdjIdGEeKlj1NlPyAqpQ+uDnmx6DW+zqfYtLnc/g6GuLLVPamraqN+gyU8CHwAWPNjZonFN9Vpg0PIk1I2zuOc4EHifoTAXSpnjfzfyAxCaZsnTptimlPFJJqAMj+FfDArGmr4=
[...]Git-based chart repositories: It is not currently possible to add a private CA. For git-based chart repositories with a certificate signed by a private CA, you must disable TLS verification. Click Edit YAML for the chart repo, and add the key/value pair as follows:
[...]
spec:
insecureSkipTLSVerify: true
[...]
As of Rancher v2.5.12, a new value disableSameOriginCheck
has been added to the Repo.Spec. This allows users to bypass the same origin checks, sending the repository Authentication information as a Basic Auth Header with all API calls. This is not recommended but can be used as a temporary solution in cases of non-standard Helm chart repositories such as those that have redirects to a different origin URL.
To use this feature for an existing Helm chart repository, click ⋮ > Edit YAML. On the spec
portion of the YAML file, add disableSameOriginCheck
and set it to true
.
[...]
spec:
disableSameOriginCheck: true
[...]
Helm Compatibility
The Cluster Explorer only supports Helm 3 compatible charts.
Deploy and Upgrade Charts
From the Charts tab select a chart to install. Rancher and Partner charts may have extra configurations available through custom pages or questions.yaml files, but all chart installations can modify the values.yaml and other basic settings. Once you click install, a Helm operation job is deployed, and the console for the job is displayed.
To view all recent changes, go to the Recent Operations tab. From there you can view the call that was made, conditions, events, and logs.
After installing a chart, you can find it in the Installed Apps tab. In this section you can upgrade or delete the installation, and see further details. When choosing to upgrade, the form and values presented will be the same as installation.
Most Rancher tools have additional pages located in the toolbar below the Apps & Marketplace section to help manage and use features. These pages include links to dashboards, forms to easily add Custom Resources, and additional information.
If you are upgrading your chart using Customize Helm options before upgrade, please be aware that using the --force
option may result in errors if your chart has immutable fields. This is because some objects in Kubernetes cannot be changed once they are created. To ensure you do not get this error you can:
- Use the default upgrade option ( i.e do not use
--force
option ). - Uninstall the existing chart and install the upgraded chart.
- Delete the resources with immutable fields from the cluster before performing the
--force
upgrade.