Leverage OCI Registry with Helm

Fsegredo
5 min read · Jan 5, 2024


Agenda

  • OCI registry to publish Helm charts
  • BONUS: ArgoCD + OCI Registry

In this article, we will learn how to use OCI-based registries with Helm versions ≥ 3.8.0.

The Open Container Initiative (OCI) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. — The Linux Foundation

Combining Helm with an OCI registry offers several advantages for handling and deploying containerized applications in Kubernetes environments:

  • Standardization — It implicitly establishes a standard for Helm chart packaging and distribution.
  • Versioning and Rollbacks — By combining both, you can easily manage and keep track of different versions of charts. You can also roll back to previous versions, audit changes, and have a clear record of your releases.
  • Centralization — Both images and Helm charts are kept in the same registry.

Here are some registries with OCI support where you can share your Helm charts.

  • AWS ECR
  • Azure Container Registry
  • Docker Hub
  • Google Artifact Registry
  • Harbor
  • Artifactory

To simplify this article, we will be using Docker Hub as our main registry.

A few things to keep in mind when using OCI-based registries:

  • If your registry has authentication in place, it follows the same logic as a Docker registry.
helm registry login -u YOURUSER REGISTRYADDRESS

helm registry logout REGISTRYADDRESS
  • When using the helm push command, the registry address must be prefixed with oci:// and contain the registry address only (without chart names or versions):
helm push YOURCHART-VERSION.tgz oci://registry-1.docker.io/yourHubspace
  • The helm repo add command is not compatible with OCI registries; therefore, to install or upgrade a chart you must specify the registry address.
helm install CHARTNAME oci://registry-1.docker.io/yourHubSpace/CHARTNAME --version 1.0.0

Practical Example

We’re going to start with the usual procedure and package the Helm chart folder structure.

helm package /home/opc/mychart/

mychart/
├─ templates/
├─ values.yaml
├─ Chart.yaml
└─ .helmignore

Log in to your registry:

helm registry login -u youruser registry-1.docker.io

The next step is to push the chart we just packaged to the OCI registry:

helm push example-app-1.0.0.tgz oci://registry-1.docker.io/fabiosegredo

Listing my Docker Hub registry now, we can verify that the chart was pushed successfully. Compared with a container image, the only visible difference is the type/contains column, which shows Helm instead of Image.

The Helm chart was pushed and is now available to install or upgrade, so let’s do that:

helm install example oci://registry-1.docker.io/fabiosegredo/example-app --version 1.0.0

Let’s verify that everything is OK by listing the installed releases and the resources they created.

helm list

kubectl get all -n teste

Verifying the OCI chart manifest with skopeo

skopeo inspect --raw docker://docker.io/fabiosegredo/example-app:1.0.0 | jq -r

As a bonus, we’ll use ArgoCD with the OCI registry and see how it goes.
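
To turn the manual inspection above into a repeatable check, here is an added example (not part of the original article) that validates a saved raw manifest: it confirms the artifact is a Helm chart, flags unexpected layers, reports whether a provenance layer is present, and computes the manifest digest so it can be compared with a pinned value. The media type strings are the ones Helm uses for OCI artifacts; the function name, file name and sample manifest are constructed for illustration.

```python
import hashlib
import json
import sys

# Media types Helm uses for charts stored as OCI artifacts.
HELM_CONFIG = "application/vnd.cncf.helm.config.v1+json"
HELM_CHART = "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
HELM_PROV = "application/vnd.cncf.helm.chart.provenance.v1.prov"

# Constructed sample manifest (digests are dummy values), used when no file is given.
SAMPLE = json.dumps({
    "schemaVersion": 2,
    "config": {"mediaType": HELM_CONFIG, "digest": "sha256:" + "a" * 64, "size": 150},
    "layers": [{"mediaType": HELM_CHART, "digest": "sha256:" + "b" * 64, "size": 4000}],
}).encode()


def check_helm_manifest(raw, pinned_digest=None):
    """Validate raw manifest bytes as saved from `skopeo inspect --raw`."""
    # The manifest digest is the SHA-256 of the exact bytes the registry serves.
    digest = "sha256:" + hashlib.sha256(raw).hexdigest()
    manifest = json.loads(raw)
    layers = [layer.get("mediaType") for layer in manifest.get("layers", [])]
    problems = []
    if (manifest.get("config") or {}).get("mediaType") != HELM_CONFIG:
        problems.append("config is not a Helm chart config")
    if layers.count(HELM_CHART) != 1:
        problems.append("expected exactly one chart content layer")
    unexpected = [m for m in layers if m not in (HELM_CHART, HELM_PROV)]
    if unexpected:
        problems.append("unexpected layer types: %s" % unexpected)
    if pinned_digest is not None and pinned_digest != digest:
        problems.append("manifest digest differs from the pinned digest")
    return {"digest": digest, "has_provenance": HELM_PROV in layers,
            "problems": problems}


if __name__ == "__main__":
    # Usage: python check_manifest.py [manifest.json] [sha256:<pinned digest>]
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    pinned = sys.argv[2] if len(sys.argv) > 2 else None
    result = check_helm_manifest(raw, pinned)
    print(json.dumps(result, indent=2))
    sys.exit(1 if result["problems"] else 0)
```

Save the manifest without piping it through jq (skopeo inspect --raw … > manifest.json) so the bytes, and therefore the digest, are unchanged; the computed digest should match the one helm push printed for the chart.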

First, we will create a secret containing all the necessary information about the registry.

apiVersion: v1
kind: Secret
metadata:
  name: my-oci-repo-creds
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
# Values are shown in plain text for readability; under data: each one must be base64-encoded.
data:
  enableOCI: "true"
  name: teste
  password: (Registry password)
  project: default
  type: helm
  url: (REGISTRY URL) # example: registry-1.docker.io/fabiosegredo
  username: (Registry User)

After making sure all the necessary settings are in place (keep in mind that this is a Secret, so you’ll need to base64-encode the values), apply the manifest. Once it is applied, we can verify the connection status via the ArgoCD UI or CLI.

Finally, we apply the Application for the Helm chart we previously pushed (example-app version 1.0.0):

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-helm-chart
  namespace: argocd
spec:
  project: default
  source:
    repoURL: registry-1.docker.io/fabiosegredo
    targetRevision: 1.0.0
    chart: example-app
    helm:
      passCredentials: false
  destination:
    server: https://kubernetes.default.svc
    namespace: argo-testing
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
      allowEmpty: true
    syncOptions:
      - CreateNamespace=true

Back to the UI to check the status of the application.

And there you have it, a simple and basic demonstration of how to use OCI registries for your charts.

Happy Helming!!
