The idea here is to allow any user on behalf of the main account to read the repository’s charts, while only the continuous integration user is allowed to push new Helm charts to the repo.
Initialize and add the Helm repo:
helm s3 init s3://my-helm-repo/charts
helm repo add my-helm-repo s3://my-helm-repo/charts
# List repos
helm repo list
Perform a first test to verify that access to the S3 bucket works as expected:
# Switch awscli profile and list bucket content as the CI user
export AWS_PROFILE=ci-user
aws s3 ls s3://my-helm-repo/charts/
# unset
unset AWS_PROFILE
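The listing test above only shows that the CI user can read the bucket. The following is an added example, not part of the original post, that checks both sides of the intended split: every profile can read, and only the CI profile can push. The `dev-user` profile in the usage comment and the `.access-probe` object key are assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify the read/push split on the chart bucket.
REPO_URI="s3://my-helm-repo/charts"   # bucket and prefix used on this page
PROBE_KEY=".access-probe"             # hypothetical name for a throwaway object

# can_read PROFILE: succeeds if the profile can list the chart prefix.
can_read() {
  aws s3 ls "${REPO_URI}/" --profile "$1" >/dev/null 2>&1
}

# can_write PROFILE: succeeds if the profile can put an object under the prefix.
# The probe object is deleted again; a failed delete is reported on stderr.
can_write() {
  if printf 'probe' | aws s3 cp - "${REPO_URI}/${PROBE_KEY}" --profile "$1" >/dev/null 2>&1; then
    aws s3 rm "${REPO_URI}/${PROBE_KEY}" --profile "$1" >/dev/null 2>&1 \
      || echo "WARN: $1 wrote ${PROBE_KEY} but could not delete it" >&2
    return 0
  fi
  return 1
}

# check_profile PROFILE EXPECT_WRITE(yes|no)
# Returns 0 only when the observed access matches the intended policy.
check_profile() {
  local profile="$1"
  local expect_write="$2"
  local status=0
  if ! can_read "$profile"; then
    echo "FAIL: $profile cannot read ${REPO_URI}"
    status=1
  fi
  if can_write "$profile"; then
    [ "$expect_write" = "yes" ] || { echo "FAIL: $profile can push but should be read-only"; status=1; }
  else
    [ "$expect_write" = "no" ] || { echo "FAIL: $profile cannot push but should be able to"; status=1; }
  fi
  [ "$status" -eq 0 ] && echo "OK: $profile behaves as intended"
  return "$status"
}

# Usage (dev-user is a hypothetical read-only profile in ~/.aws/config):
#   check_profile dev-user no && check_profile ci-user yes
```

A failure for the read-only profile with `can push` in the message means the bucket policy is broader than intended and should be tightened before charts are published.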
Depending on the CI product being used (e.g. Jenkins, GitLab), add the following variables to your pipeline configuration so that they are passed into the build runner or build job as environment variables:
This way, as soon as a new Helm chart is created and pushed to the repo, awscli, driven by the helm-s3 plugin, will use these environment variables, and thus these credentials, from within the build runner.