helm multi repo

topic map entry

moved step from a module to another and deleated a modue

minor change

minor change1

review fixes

_topic_map.yml

@@ -1587,6 +1587,8 @@ Topics:
   Topics:
   - Name: Getting started with Helm on OpenShift Container Platform
     File: getting-started-with-helm-on-openshift-container-platform
+  - Name: Configuring custom Helm chart repositories
+    File: configuring-custom-helm-chart-repositories
 - Name: Knative CLI (kn) for use with OpenShift Serverless
   File: kn-cli-tools
 - Name: Pipelines CLI (tkn)

cli_reference/helm_cli/configuring-custom-helm-chart-repositories.adoc

@@ -0,0 +1,16 @@
+[id="configuring-custom-helm-chart-repositories"]
+
+= Configuring custom Helm chart repositories
+include::modules/common-attributes.adoc[]
+:context: configuring-custom-helm-chart-repositories
+
+toc::[]
+
+The *Developer Catalog*, in the *Developer* perspective of the web console, displays the Helm charts available in the cluster. By default, it lists the Helm charts from the Red Hat Helm chart repository. For a list of the charts see link:https://redhat-developer.github.io/redhat-helm-charts/index.yaml[the Red Hat `Helm index` file].
+
+As a cluster administrator, you can add multiple Helm chart repositories, apart from the default one, and display the Helm charts from these repositories in the *Developer Catalog*.
+
+
+include::modules/helm-adding-helm-chart-repositories.adoc[leveloffset=+1]
+
+include::modules/helm-creating-credentials-and-certificates-to-add-helm-repositories.adoc[leveloffset=+1]

modules/helm-adding-helm-chart-repositories.adoc

@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * cli_reference/helm/configuring-custom-helm-chart-repositories.adoc
+
+[id="adding-helm-chart-repositories_{context}"]
+= Adding custom Helm chart repositories
+
+You can add custom Helm chart repositories to your cluster, and enable access to the Helm charts from these repositories in the *Developer Catalog*.
+
+.Procedure
+
+. To add a new Helm Chart Repository, you must add the Helm Chart Repository Custom Resource (CR) to your cluster.
++
+.Sample Helm Chart Repository CR
+
+[Source,yaml]
+----
+apiVersion: helm.openshift.io/v1beta1
+kind: HelmChartRepository
+metadata:
+  name: <name>
+spec:
+ # optional name that might be used by console
+ # name: <chart-display-name>
+  connectionConfig:
+    url: <helm-chart-repository-url>
+----
++
+For example, to add an Azure sample chart repository, run:
++
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: helm.openshift.io/v1beta1
+kind: HelmChartRepository
+metadata:
+  name: azure-sample-repo
+spec:
+  name: azure-sample-repo
+  connectionConfig:
+    url: https://raw.githubusercontent.com/Azure-Samples/helm-charts/master/docs
+EOF
+----
++
+. Navigate to  the *Developer Catalog* in the web console to verify that the helm charts from the Azure chart repository are displayed.

modules/helm-creating-credentials-and-certificates-to-add-helm-repositories.adoc

@@ -0,0 +1,89 @@
+// Module included in the following assemblies:
+//
+// * cli_reference/helm/configuring-custom-helm-chart-repositories.adoc
+
+[id="creating-credentials-and-certificates-to-add-helm-repositories_{context}"]
+= Creating credentials and CA certificates to add Helm chart repositories
+
+Some Helm chart repositories need credentials and custom Certificate Authority (CA) certificates to connect to it. You can use the web console as well as the CLI to add credentials and certificates.
+
+.Procedure
+To configure the credentials and certificates, and then add a Helm chart repository using the CLI:
+
+. In the `openshift-config` namespace, create a `configmap` with a custom CA certificate in PEM encoded format, and store it under the `ca-bundle.crt` key within the configmap:
++
+[source,terminal]
+----
+$ oc create configmap helm-ca-cert \
+--from-file=ca-bundle.crt=/path/to/certs/ca.crt \
+-n openshift-config
+----
++
+. In the `openshift-config` namespace, create a `secret` to add the Client TLS Configurations:
++
+[source,terminal]
+----
+$ oc create secret generic helm-tls-configs \
+--from-file=tls.crt=/path/to/certs/client.crt \
+--from-file=tls.key=/path/to/certs//client.key \
+-n openshift-config
+----
++
+Note that the client certificate and key must be in PEM encoded format and stored under the keys `tls.crt` and `tls.key`, respectively.
+
+. Add the Helm repository as follows:
++
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: helm.openshift.io/v1beta1
+kind: HelmChartRepository
+metadata:
+  name: <helm-repository>
+spec:
+  name: <helm-repository>
+  connectionConfig:
+    url: <URL for the Helm repository>
+    tlsConfig:
+        name: helm-tls-configs
+    ca:
+	name: helm-ca-cert
+EOF
+----
++
+The `ConfigMap` and `Secret` are consumed in the HelmChartRepository CR using the `tlsConfig` and `ca` fields. These certificates are used to connect to the Helm repository URL.
+. By default, all authenticated users have access to all configured charts. However, for chart repositories where certificates are needed, you must provide users with read access to the `helm-ca-cert` configmap and `helm-tls-configs` secret in the `openshift-config` namespace, as follows:
++
+[source,terminal]
+----
+$ cat <<EOF | kubectl apply -f -
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: openshift-config
+  name: helm-chartrepos-tls-conf-viewer
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  resourceNames: ["helm-ca-cert"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["helm-tls-configs"]
+  verbs: ["get"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: openshift-config
+  name: helm-chartrepos-tls-conf-viewer
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: 'system:authenticated'
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: helm-chartrepos-tls-conf-viewer
+EOF
+----