Effortlessly Manage Container Images by Pushing Helm Charts to Amazon ECR

Introduction

Amazon Elastic Container Registry (ECR) is a fully managed container registry service provided by AWS. It offers a secure, scalable solution for storing, managing, and deploying container images. With Amazon ECR, you can seamlessly integrate with other AWS services to streamline your container workflows. Amazon ECR provides robust access controls, image vulnerability scanning, and efficient image replication across multiple regions, which makes it an ideal choice for managing container images associated with Helm charts.

Integrating Amazon ECR with Helm benefits your container image management workflow. Firstly, Amazon ECR provides a highly available and scalable infrastructure to store your container images, ensuring their availability during deployments. Secondly, Amazon ECR integrates seamlessly with Amazon EKS, allowing you to use Helm charts to deploy applications on Kubernetes clusters easily. Lastly, Amazon ECR’s integration with AWS Identity and Access Management (IAM) enables fine-grained access control to your container images, ensuring secure and authorized access.

Helm chart images often contain sensitive information like credentials. By creating a private repository, we can control who can access the images, ensuring that only authorized users or systems can pull or push images. Private repositories in Amazon ECR provide an additional layer of security. We should configure AWS IAM (Identity and Access Management) policies to manage access permissions. This helps to prevent unauthorized access to helm chart images, reducing the risk of potential security breaches.
Amazon ECR also supports uploading Open Container Initiative (OCI) artifacts to private repositories, providing us with flexibility and compatibility.

Step-by-Step Guide

Step 1 – To start pushing a Helm chart to Amazon ECR, the first step is to create a private repository in Amazon ECR using the following command:

aws ecr create-repository --repository-name helm-chart --region ap-south-1

1	aws ecr create-repository --repository-name helm-chart --region ap-south-1

Step 2 – Next, we must authenticate the Helm client with the Amazon ECR registry to push the Helm chart. The authentication involves obtaining an authentication token from Amazon ECR and using it to log in to the registry:

aws ecr get-login-password --region ap-south-1 | helm registry login --username AWS --password-stdin 51398122XXXX.dkr.ecr.ap-south-1.amazonaws.com

1	aws ecr get-login-password --region ap-south-1 \| helm registry login --username AWS --password-stdin 51398122XXXX.dkr.ecr.ap-south-1.amazonaws.com

Before creating helm chart we need to install Helm which is a powerful package manager that allows too define, install, and upgrade applications using pre-configured charts. By installing Helm, we gain access to a wide range of ready-to-use Helm charts that simplify the deployment of complex applications.

Step 3 – Create a helm chart using the command:

helm create helm-chart

1	helm create helm-chart

Step 4 – After creating the Helm chart, we should clear the contents of the templates directory using the following command:

rm -rf ./helm-chart/templates/*

1	rm -rf ./helm-chart/templates/*

Step 5 – Next, we can create a ConfigMap in the templates directory as shown below:

Create sample configmap in template directory

cd helm-test-chart/templates 
cat <<EOF > configmap.yaml 
apiVersion: v1 
kind: ConfigMap 
metadata: 
  name: helm-test-chart-configmap 
data: 
  myvalue: "Hello World" 
EOF

cd helm-test-chart/templates

cat <<EOF > configmap.yaml

apiVersion: v1

kind: ConfigMap

metadata:

name: helm-test-chart-configmap

data:

myvalue: "Hello World"

EOF

Step 6 – Navigate back one level from the current directory by using the command:

cd ..

cd ..

Packaging the Helm chart is a crucial step that creates a self-contained bundle of our application, making it easy to share, distribute, and deploy in different environments. We can package the chart with the command:

helm package helm-chart

1	helm package helm-chart

Step 7 – To upload the Helm chart to Amazon ECR, we use the helm push command and observe the output containing the Amazon ECR repository URI along with the SHA digest:

helm push helm-chart-0.1.0.tgz oci://513981XXXXXX.dkr.ecr.ap-south-1.amazonaws.com/

1	helm push helm-chart-0.1.0.tgz oci://513981XXXXXX.dkr.ecr.ap-south-1.amazonaws.com/

After successfully pushing the Helm chart to the Amazon ECR repository, we can easily deploy and manage your Helm charts for seamless deployment in your Kubernetes cluster.

Step 8 – Describe your Helm chart using the following command:

aws ecr describe-images --repository-name helm-chart --region ap-south-1

1	aws ecr describe-images --repository-name helm-chart --region ap-south-1

Output: Ensure that the artifactMediaType parameter correctly identifies the appropriate artifact format

{
    "imageDetails": [
        {
            "registryId": "5139XXXXXXXX",
            "repositoryName": "helm-chart",
            "imageDigest": "sha256:db76867411abd27e701cb6711cea885e27f6062c613267f429b2188XXXXXXXXX",
            "imageTags": [
                "0.1.0"
            ],
            "imageSizeInBytes": 1614,
            "imagePushedAt": "2023-07-19T12:51:31+00:00",
            "imageManifestMediaType": "application/vnd.oci.image.manifest.v1+json",
            "artifactMediaType": "application/vnd.cncf.helm.config.v1+json"
        }
    ]
}

{

"imageDetails": [

{

"registryId": "5139XXXXXXXX",

"repositoryName": "helm-chart",

"imageDigest": "sha256:db76867411abd27e701cb6711cea885e27f6062c613267f429b2188XXXXXXXXX",

"imageTags": [

"0.1.0"

"imageSizeInBytes": 1614,

"imagePushedAt": "2023-07-19T12:51:31+00:00",

"imageManifestMediaType": "application/vnd.oci.image.manifest.v1+json",

"artifactMediaType": "application/vnd.cncf.helm.config.v1+json"

}

]

}

Step 9 – Finally, verify whether the image is pushed in Amazon ECR private repository in the AWS console

ecr

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Conclusion

By leveraging Amazon ECR with Helm, we can achieve effortless container image management and seamless deployments. With its robust features, scalability, and integration with other AWS services, Amazon ECR simplifies the distribution and deployment of Helm charts. Follow the step-by-step guide and best practices to optimize the container image workflows and enhance the application deployments.

Drop a query if you have any questions regarding Amazon ECR with Helm and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services Package that is CloudThat’s offerings.

FAQs

1. Can we use Amazon ECR with other container orchestration platforms besides Kubernetes?

ANS: – While Amazon ECR integrates seamlessly with Amazon EKS for Kubernetes deployments, it can also be used with other container orchestration platforms that support Docker images.

2. How to handle updates to Helm charts in Amazon ECR?

ANS: – Handling updates to Helm charts in Amazon ECR can be managed through versioning and tags. Whenever you change your Helm chart, you should increment the chart version and push the updated chart to Amazon ECR with a new tag. This ensures that each chart version is uniquely identifiable and can be deployed as needed.

3. Can we control the lifecycle of my Helm charts in Amazon ECR?

ANS: – Yes, you can control the lifecycle of your Helm charts in Amazon ECR using lifecycle policies. Amazon ECR lifecycle policies allow you to define rules for automatically expiring or cleaning up unused and old chart versions. This helps manage storage costs and keeps your Amazon ECR repository organized.

WRITTEN BY Abhilasha D

Abhilasha D is a Research Associate-DevOps at CloudThat. She is focused on gaining knowledge of Cloud environment and DevOps tools. She has keen interest in learning and researching on emerging technologies.