Compute Nest: Helm chart deployment packages

Last Updated: Jun 06, 2025

This topic describes how Helm chart deployment packages work and how to create and use a Helm chart deployment package.

Scenarios

  • If you want to keep your Helm charts confidential when you use Helm charts to deploy services, we recommend that you use the Helm chart deployment packages of Compute Nest. These deployment packages are stored in an Alibaba Cloud Container Registry repository of Compute Nest. They are securely pulled by using temporary keys.

    Important

    If a Helm chart can be publicly accessed, directly specify the public URL of the Helm chart in a Resource Orchestration Service (ROS) template. No additional configurations are required.

  • Generally, Helm charts are suitable for services with a complex structure and a large number of YAML files for resource deployment. Helm charts facilitate structured management of these YAML files. Helm chart deployment packages are managed in the Container Registry repository of Compute Nest. For more information about how to upload and pull Helm chart deployment packages, see Container image deployment packages.

How it works

You can define the following two identifiers in a service template to use a Helm chart deployment package:

  • {{computenest::helmchart::test}}: the deployment package identifier to be replaced with the full address of a Helm chart, such as oci://compute-nest-chart-registry.cn-hangzhou.cr.aliyuncs.com/${aliUid}/wordpress:15.4.1.

  • {{computenest::helm::dockerconfigjson}}: the key that is used to pull a Helm chart deployment package from the Container Registry repository of Compute Nest.

Helm charts are deployed by using the public module MODULE::ACS::ComputeNest::FluxOciHelmDeploy defined by Compute Nest. This public module uses the open source component FluxCD, which supports only charts in the Open Container Initiative (OCI) format. Therefore, the Helm chart deployment packages of Compute Nest must be in the OCI format. The following sample code shows how to use MODULE::ACS::ComputeNest::FluxOciHelmDeploy to deploy a Helm chart deployment package:

Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Version: v1
    Properties:
      ClusterId:
        Ref: ClusterId
      ReleaseName: wordpress
      Namespace: wordpress
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
      ChartValues:
        mariadb:
          primary:
            persistence:
              enabled: true
              storageClass: alicloud-disk-essd
              size: 20Gi
        persistence:
          enabled: false
...
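
The two identifiers and the OCI-only constraint described above can be checked before a template is saved. The following lint is an added example, not Compute Nest or ROS code; it assumes the identifiers may be written with or without inner spaces (both spellings appear on this page) and scans the template text line by line instead of parsing YAML. The failing template is constructed for illustration.

```python
import re

# {{ computenest::<kind>::<name> }}; inner spaces are treated as optional
# (assumption: the page writes the identifiers both with and without them).
PLACEHOLDER = re.compile(r"\{\{\s*computenest::([a-z]+)::([\w-]+)\s*\}\}")
KEY_LINE = re.compile(r"^\s*(HelmChartUrl|DockerConfigJson)\s*:\s*(.*?)\s*$")

# Properties taken from the page's FluxOciHelmDeploy sample.
GOOD = """\
Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Properties:
      HelmChartUrl: '{{ computenest::helmchart::test }}'
      DockerConfigJson: '{{ computenest::helm::dockerconfigjson }}'
"""

# Constructed counter-example: non-OCI chart URL and a pasted registry credential.
BAD = """\
Resources:
  FluxHelmDeploy:
    Type: MODULE::ACS::ComputeNest::FluxOciHelmDeploy
    Properties:
      HelmChartUrl: https://charts.example.com/wordpress-15.4.1.tgz
      DockerConfigJson: '{"auths":{"registry.example.com":{"auth":"CONSTRUCTED"}}}'
"""


def placeholders(template):
    """Return every (kind, name) identifier the template references."""
    return {(m.group(1), m.group(2)) for m in PLACEHOLDER.finditer(template)}


def lint_helm_deploy(template):
    """Return (line_number, message) findings for the two Helm properties."""
    findings = []
    for number, line in enumerate(template.splitlines(), 1):
        match = KEY_LINE.match(line)
        if not match or not match.group(2):
            continue  # other key, or value given by a nested function such as Ref
        key, value = match.group(1), match.group(2).strip("'\"")
        ident = PLACEHOLDER.fullmatch(value)
        kind = ident.group(1) if ident else None
        if key == "HelmChartUrl":
            if ident and kind != "helmchart":
                findings.append((number, f"HelmChartUrl uses a {kind} identifier"))
            elif not ident and not value.startswith("oci://"):
                findings.append((number, "HelmChartUrl is not an oci:// address"))
        elif not ident or (kind, ident.group(2)) != ("helm", "dockerconfigjson"):
            findings.append((number, "DockerConfigJson is not the dockerconfigjson "
                                     "identifier; a literal here stores a credential"))
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, sorted(placeholders(text)), lint_helm_deploy(text))
```

A non-empty result for a template means the chart address or the pull credential is hard-coded instead of being resolved by Compute Nest at deployment time.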

Create and use a Helm chart deployment package

Prerequisites

A Helm client is installed, and a Helm chart is prepared. For more information, see Push and pull Helm charts.

Create a Helm chart deployment package

  1. Configure the basic information about the deployment package.

    1. Log on to the Compute Nest console. In the left-side navigation pane, click Service Deployment Package. In the Deployment Package section of the Service Deployment Package page, click Create Deployment Package.

    2. In the Deployment Package Information section, configure the parameters described in the following table.

      | Parameter | Description |
      | --- | --- |
      | Deployment Package Name | The name of the deployment package. The name must be 3 to 128 characters in length, and can contain letters, digits, and underscores (_). The name cannot be changed after the deployment package is created. |
      | Version Name | The name of the deployment package version. The name must be 3 to 50 characters in length, and can contain letters, digits, and underscores (_). |
      | Description | The description of the deployment package. The description must be 10 to 500 characters in length. |
      | Resource Group | The name of the resource group to which the deployment package belongs. Resource groups are used to group your resources by usage, permission, and region. You can use resource groups to organize your resources in a hierarchical manner and group resources based on users and projects. For more information, see Manage resource groups. |
      | Tag Settings | The tags that you want to add to the deployment package. Select or enter complete tag keys and tag values. You can add up to 20 tags to a deployment package. If no tag key or tag value is available, you can create a custom tag. For more information, see Add a custom tag. |

  2. Configure the Helm chart deployment package.

    1. In the Deployment Package Content section, select Helm Chart for the Deployment Package Type parameter.

    2. Click Obtain Access Credential to obtain a temporary key for the namespace. Then, run the obtained commands in sequence in the CLI.

    3. After the Helm chart is uploaded to the Container Registry repository of Compute Nest, select the chart for the Select Product parameter and click Publish Deployment Package.

  3. View the deployment package.

    1. Return to the Service Deployment Package page. Find the deployment package that you want to view and click its name. On the Deployment Package Details page, you can view the details of the deployment package.

    2. If the status of the Helm chart deployment package is Available, the Helm chart deployment package is created.

Use a Helm chart deployment package

In this example, a private service is created to describe how to use a Helm chart deployment package.

  1. Log on to the Compute Nest console.

  2. In the left-side navigation pane, click My Services. On the Created Services tab of the My Services page, click Create Service.

  3. On the Create Service page, set Select Service Creation Method to Custom Launch, Select Service Type to Private Service, and then click Next: Configure Settings.

  4. Enter the basic service information as prompted. Select a template type and template creation method, select ROS for the Deployment Method parameter, and then enter the template content.

    Specify {{ computenest::helmchart::test }} and {{ computenest::helm::dockerconfigjson }} in the ROS template.

    Sample template

    Note

    This sample template is used for testing only.

    ROSTemplateFormatVersion: '2015-09-01'
    Description:
      en: new ack
      zh-cn: 新建ack部署
    Parameters:
      PayType:
        Type: String
        Label:
          en: ECS Instance Charge Type
          zh-cn: 付费类型
        Default: PostPaid
        AllowedValues:
          - PostPaid
          - PrePaid
        AssociationProperty: ChargeType
        AssociationPropertyMetadata:
          LocaleKey: InstanceChargeType
      PayPeriodUnit:
        Type: String
        Label:
          en: Pay Period Unit
          zh-cn: 购买资源时长周期
        Default: Month
        AllowedValues:
          - Month
          - Year
        AssociationProperty: PayPeriodUnit
        AssociationPropertyMetadata:
          Visible:
            Condition:
              Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
      PayPeriod:
        Type: Number
        Description:
          en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
          zh-cn: 当购买资源时长为Month时,Period取值:1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
        Label:
          en: Period
          zh-cn: 购买资源时长
        Default: 1
        AllowedValues:
          - 1
          - 2
          - 3
          - 4
          - 5
          - 6
          - 7
          - 8
          - 9
        AssociationProperty: PayPeriod
        AssociationPropertyMetadata:
          Visible:
            Condition:
              Fn::Not:
                Fn::Equals:
                  - ${PayType}
                  - PostPaid
      ZoneId:
        Type: String
        AssociationProperty: ALIYUN::ECS::Instance:ZoneId
        Label:
          en: Zone ID
          zh-cn: 可用区
      EcsInstanceType:
        Type: String
        Label:
          en: Instance Type
          zh-cn: 实例类型
        AssociationProperty: ALIYUN::ECS::Instance::InstanceType
        AssociationPropertyMetadata:
          ZoneId: ${ZoneId}
          InstanceChargeType: ${InstanceChargeType}
      EcsInstancePassword:
        NoEcho: true
        Type: String
        AllowedPattern: '[0-9A-Za-z\_\-\&:;''<>,=%`~!@#\(\)\$\^\*\+\|\{\}\[\]\.\?\/]+$'
        Label:
          en: Instance Password
          zh-cn: 实例密码
        ConstraintDescription:
          en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
          zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)
        MinLength: 8
        MaxLength: 30
        AssociationProperty: ALIYUN::ECS::Instance::Password
      ServerSystemDiskCategory:
        Type: String
        AllowedValues:
          - cloud_efficiency
          - cloud_ssd
          - cloud_essd
        AssociationPropertyMetadata:
          LocaleKey: DiskCategory
          InstanceType: ${EcsInstanceType}
        Label:
          en: Server System Disk Category
          zh-cn: Server系统盘磁盘类型
        Default: cloud_essd
      ServerSystemDiskSize:
        Type: Number
        Label:
          en: Server System Disk Size(GB)
          zh-cn: Server节点系统盘大小(GB)
        MinValue: 1
        Default: 500
      VpcCidrBlock:
        Type: String
        Label:
          en: VPC CIDR IPv4 Block
          zh-cn: 专有网络IPv4网段
        Description:
          zh-cn: VPC的ip地址段范围,<br>您可以使用以下的ip地址段或其子网:<br><font color='green'>[10.0.0.0/8]</font><br><font color='green'>[172.16.0.0/12]</font><br><font color='green'>[192.168.0.0/16]</font>
          en: 'The ip address range of the VPC in the CidrBlock form; <br>You can use the following ip address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
        Default: 192.168.0.0/16
        AssociationProperty: ALIYUN::VPC::VPC::CidrBlock
      VSwitchCidrBlock:
        Type: String
        Label:
          en: VSwitch CIDR Block
          zh-cn: 交换机子网网段
        Description:
          zh-cn: 必须属于VPC的子网段。 
          en: Must belong to the subnet segment of VPC.
        Default: 192.168.1.0/24
        AssociationProperty: ALIYUN::VPC::VSwitch::CidrBlock
        AssociationPropertyMetadata:
          VpcCidrBlock: VpcCidrBlock
      PodCidr:
        Type: String
        Description:
          zh-cn: 请填写有效的私有网段,即以下网段及其子网:10.0.0.0/8,172.16-31.0.0/12-16,192.168.0.0/16<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。 <font color='blue'><b>创建成功后不能修改</b></font>
          en: 'Please fill in a valid private segment, i.e. the following segments and their subnets: 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16<br> which cannot duplicate the network segments already used by the VPC and by existing Kubernetes clusters in the VPC. <font color=''blue''><b>Cannot be modified after successful creation</b></font>'
        Label:
          zh-cn: Pod 网络 CIDR
          en: Pod Network CIDR
        AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::PodCidr
        Default: 10.0.0.0/16
      ServiceCidr:
        Type: String
        Description:
          zh-cn: 可选范围:10.0.0.0/16-24,172.16-31.0.0/16-24,192.168.0.0/16-24<br>不能与 VPC 及 VPC 内已有 Kubernetes 集群使用的网段重复。 <font color='blue'><b>创建成功后不能修改</b></font>
          en: 'Optional range: 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24<br> cannot duplicate segments already used by existing Kubernetes clusters in VPC and VPC.<font color=''blue''><b>Cannot be modified after successful creation</b></font>'
        Label:
          zh-cn: Service CIDR
          en: Service CIDR
        AssociationProperty: ALIYUN::CS::ManagedKubernetesCluster::ServiceCidr
        Default: 172.16.0.0/16
    Resources:
      EcsVpc:
        Type: ALIYUN::ECS::VPC
        Properties:
          VpcName:
            Ref: ALIYUN::StackName
          CidrBlock:
            Ref: VpcCidrBlock
      EcsVSwitch:
        Type: ALIYUN::ECS::VSwitch
        Properties:
          VSwitchName:
            Ref: ALIYUN::StackName
          VpcId:
            Ref: EcsVpc
          ZoneId:
            Ref: ZoneId
          CidrBlock:
            Ref: VSwitchCidrBlock
      EcsSecurityGroup:
        Type: ALIYUN::ECS::SecurityGroup
        Properties:
          SecurityGroupName:
            Ref: ALIYUN::StackName
          VpcId:
            Ref: EcsVpc
          SecurityGroupEgress:
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              DestCidrIp: 0.0.0.0/0
              NicType: intranet
          SecurityGroupIngress:
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: PodCidr
              Description: access to the pod network
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: all
              SourceCidrIp:
                Ref: VpcCidrBlock
              Description: access to the VPC
              NicType: intranet
            - PortRange: '-1/-1'
              Priority: 1
              IpProtocol: icmp
              SourceCidrIp: 0.0.0.0/0
              Description: access to the ICMP port
              NicType: intranet
            - Priority: 1
              PortRange: 22/22
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
            - Priority: 1
              PortRange: 443/443
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
            - Priority: 1
              PortRange: 3001/3001
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
            - Priority: 1
              PortRange: 31001/31001
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
            - Priority: 1
              PortRange: 9000/9000
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
            - Priority: 1
              PortRange: 3389/3389
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
            - Priority: 1
              PortRange: 80/80
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
      CsghubServerInstance:
        Type: ALIYUN::ECS::InstanceGroup
        Properties:
          ZoneId:
            Ref: ZoneId
          IoOptimized: optimized
          InstanceChargeType:
            Ref: PayType
          PeriodUnit:
            Ref: PayPeriodUnit
          Period:
            Ref: PayPeriod
          VpcId:
            Ref: EcsVpc
          VSwitchId:
            Ref: EcsVSwitch
          SecurityGroupId:
            Ref: EcsSecurityGroup
          SystemDiskCategory:
            Ref: ServerSystemDiskCategory
          SystemDiskSize:
            Ref: ServerSystemDiskSize
          MaxAmount: 1
          ImageId: centos_7
          InstanceType:
            Ref: EcsInstanceType
          Password:
            Ref: EcsInstancePassword
          InternetMaxBandwidthOut: 50
          InstanceName:
            Fn::Join:
              - '-'
              - - Ref: ALIYUN::StackName
                - '[1,4]'
      InstanceRunCommand:
        Type: ALIYUN::ECS::RunCommand
        Properties:
          Type: RunShellScript
          Sync: true
          CommandContent:
            Fn::Sub:
              - |
                #!/bin/bash
    
                # Fetch the repository definition over HTTPS so that it cannot be altered in transit.
                yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
                yum makecache fast
                yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin jq
                mkdir -p /etc/docker
                tee /etc/docker/daemon.json <<-'EOF'
                {
                    "registry-mirrors": [
                        "https://docker.m.daocloud.io",
                        "https://mirror.baidubce.com",
                        "https://dockerproxy.com",
                        "https://mirror.iscas.ac.cn",
                        "https://huecker.io",
                        "https://dockerhub.timeweb.cloud",
                        "https://noohub.ru",
                        "https://vlgh0kqj.mirror.aliyuncs.com"
                    ]
                }
                EOF
                systemctl enable docker
                systemctl start docker
                sleep 10
    
                # Install the server.
                wget '{{ computenest::file::csgserver }}' -O csghub-main.tar.gz
                tar -xvf csghub-main.tar.gz
                cd /root/csghub-main/deploy/all_in_one
                sed -i 's/SERVER_DOMAIN=[^,)]*/SERVER_DOMAIN=${PublicAddress}/' .env
                sleep 10
                # The script only needs to be executable, not world-writable.
                chmod +x startup.sh
                ./startup.sh
                sleep 10
                docker compose restart user_server
                sleep 10
                docker compose restart nginx
                docker compose restart user_server
                # When the execution of the code is successful, ROS calls back WaitCondition to stop waiting.     
              - PublicAddress: 
                  Fn::Select:
                    - 0
                    - Fn::GetAtt:
                        - CsghubServerInstance
                        - PublicIps
          InstanceIds:
            Fn::GetAtt:
              - CsghubServerInstance
              - InstanceIds
          Timeout: 3600
  5. Configure a Helm chart association in the Deployment Package Association section. Click Deployment Package Association. In the Select Deployment Package dialog box, select a deployment package and a version and click OK to associate the Helm chart deployment package with the deployment package identifier.

  6. Save and test the service. After the service passes the test, check whether the service meets the review criteria of Compute Nest and submit the service for review. For more information, see Review criteria.

  7. After the service is created, view the associations with deployment packages on the service details page.

References

  • For more information about how to create a service in Compute Nest, see Create a service.

  • If you no longer need a deployment package or deployment package version, you can delete it. For more information, see Delete a deployment package.

  • If you need to modify a deployment package, such as its content, you can create a new version. For more information, see Create a version.

  • For more information about how to configure the update settings of a deployment package, see Configure service update settings.