How to: set up a deploy key for GitLab CI to update a Helm chart repository
This is part of a DevOps setup that allows GitLab CI/CD to update a Helm chart, which is then deployed to a Kubernetes cluster.
Example flow: app repository -> pull and update Helm chart repository -> push to Helm chart repository
Because this flow crosses repositories, GitLab requires a Deploy Key to write to another repository. Below are the steps to set up a Deploy Key for GitLab CI to update the Helm chart repository.
Steps
The following steps may differ depending on the OS you use or other factors.
1. Generate a new SSH key pair
Generate a new SSH key pair with the following command:
ssh-keygen -t ed25519 -C "gitlab-ci"
This will ask you to enter a file path to save the key pair (e.g. /whatever/path/id_ed25519), and it will create two files: id_ed25519 and id_ed25519.pub
2. Encode the private key
GitLab restricts the value of a variable: it cannot contain some special characters. To work around this, we need to encode the private key as base64 and remove the \n characters.
Then, copy it to the clipboard for further use.
openssl base64 -in id_ed25519 | tr -d '\n' | pbcopy
[!NOTE]
This command was tested on macOS.
3. Add the private key as a group CI/CD variable
Navigate to group settings -> CI/CD -> Variables and add a new variable with the following settings:
- Visibility: Masked
- Protect variable: Unchecked
- Expand variable reference: Checked
- Key: e.g. PROJECT_HELM_PRIVATE_KEY
- Value: paste the encoded private key
Then save the variable.
4. Add the public key to the target repository
Add the public key (id_ed25519.pub) to the target repository as a Deploy Key, with "Grant write permissions to this key" checked.
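A check for step 2, added here as an example and not part of the original post: it encodes the key the same way, confirms the result is one line of base64 characters, and decodes it back to confirm the bytes are unchanged. The function names and the decode command (`openssl base64 -d -A`, which a CI job could use to restore the key file) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Step 2 as written above: base64-encode the key file and drop the newlines.
encode_key() {
    openssl base64 -in "$1" | tr -d '\n'
}

# Succeeds only if the value is non-empty and holds nothing but base64
# characters; a newline, space or quote makes it fail.
is_single_line_base64() {
    case "$1" in
        '' | *[!A-Za-z0-9+/=]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Reverse of encode_key: write the decoded key to $2, readable by owner only.
# -A tells openssl that the base64 input is one long line.
decode_key() {
    ( umask 077 && printf '%s' "$1" | openssl base64 -d -A > "$2" )
}

# Encode, check the format, decode, and compare with the original file.
verify_roundtrip() {
    rt_tmp=$(mktemp) || return 1
    rt_enc=$(encode_key "$1")
    if is_single_line_base64 "$rt_enc" && decode_key "$rt_enc" "$rt_tmp" \
        && cmp -s "$1" "$rt_tmp"; then
        rt_status=0
    else
        rt_status=1
    fi
    rm -f "$rt_tmp"
    return "$rt_status"
}

# Usage: sh check_key.sh /whatever/path/id_ed25519
if [ -n "${1:-}" ]; then
    verify_roundtrip "$1" && echo "OK: round trip matches" || echo "FAILED"
fi
```

Run it against the private key file before pasting the value into the variable; the temporary decoded copy is deleted when the check finishes.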
Conclusion
Now GitLab CI can use the private key to update (push to) the Helm chart repository without any issue.
Details about using the key pair will be covered in another topic or post.