This is our stop-gap mirror of OCI Helm Charts that can be used until maintainers of upstream charts publish them.
Caution
Subscribe to the upstream issues or PRs tracking OCI support because if you wish to use these charts understand it is your responsiblity to make sure to change to the official OCI chart as soon as possible as they will be deprecated here. I bare no resposibility for you not paying close attention to this repository and the changes herein.
helm install ${RELEASE_NAME} --namespace ${NAMESPACE} oci://ghcr.io/astrateam-net/charts-mirror/${CHART_NAME} --version ${CHART_VERSION}Warning
Even though these charts are signed via cosign it will not prevent against malicious code being pushed from upstream ending up in a release here. For example if cert-managers Helm chart is compromised, there's nothing stopping that release from NOT being mirrored here.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: ${CHART_NAME}
namespace: ${NAMESPACE}
spec:
interval: 1h
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
tag: ${CHART_VERSION}
url: oci://ghcr.io/astrateam-net/charts-mirror/${CHART_NAME}
verify:
provider: cosign
matchOIDCIdentity:
- issuer: ^https://token.actions.githubusercontent.com$
subject: ^https://github.com/astrateam-net/charts-mirror.*$
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ${RELEASE_NAME}
namespace: ${NAMESPACE}
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: ${CHART_NAME}
namespace: ${NAMESPACE}
values:
...-
Verify the chart doesn't already have an official OCI Helm Chart.
-
Create a new directory under
charts/with the chart name. -
Add a
metadata.yamlto that new directory file with the contents and update the variables to reflect the chart you are adding:--- registry: ${CHART_REGISTRY_URL} name: ${CHART_NAME} version: ${CHART_VERSION}
-
Open a PR with the link in the description to the upstream issue tracking OCI Helm Chart support.