Helm supports working with charts in container registries using Helm OCI, from v3.8.0. This article will help you understand the OCI registries and how we can deploy or resolve Helm charts in an OCI registry using Artifactory.
Helm OCI Registry in Artifactory Starting from Artifactory Cloud version 7.75.3 Artifactory defaults repository creation to Helm OCI in the JFrog Platform WebUI which is compatible with Helm client version 3.8.0. Our Helm repositories continue to provide legacy support for older versions. For more information, see Helm OCI Repositories and the Helm documentation.
Install helm charts from OCI-based registries using Artifactory remote repositories Dockerhub supports OCI artifacts, and in some cases, stores Helm charts wrapped as OCI. You can create a remote docker repository with the upstream URL of “https://registry-1.docker.io/ ” and use that repository with your helm v 3.8.0 + commands to pull images from the OCI registry.
To install a Helm chart from DockerHub:
In this example, you will pull a Helm Chart called bitnamicharts/redis from DockerHub.
1. Create a docker remote repository in Artifactory, say oci-test-docker-remote, with the URL “https://registry-1.docker.io/ ”.
To install a Helm chart from DockerHub:
In this example, you will pull a Helm Chart called bitnamicharts/redis from DockerHub.
1. Create a docker remote repository in Artifactory, say oci-test-docker-remote, with the URL “https://registry-1.docker.io/ ”.
2.Log in to your Helm OCI client using helm registry login command:
Make sure to replace the placeholder in bold with your own JFrog host domain.
helm registry login <YOUR_JFROG_DOMAIN>
For example:
$ helm registry login acme.jfrog.io
Username: admin
Password:
Login Succeeded
3. Now pull a Helm chart image using the Artifactory remote repository or the respective virtual repository URL (here ‘oci-test-docker’ is my virtual docker repository)
Make sure to replace the placeholders in bold with your own JFrog domain, repository name, and chart name. Specifying the version is optional.
helm pull oci://<YOUR_JFROG_DOMAIN>/<REPOSITORY_NAME>/<CHART_NAME> --version=<VERSION>
For example:
$ helm pull oci://acme.jfrog.io/helm-oci-remote/bitnamicharts/redis Pulled: acme.jfrog.io/helm-oci-remote/bitnamicharts/redis:18.3.3 Digest: sha256:b3b87725110b01f901c50cd638d082f51e8a1b7bd519fd9d34721c78659c7192
4. You can find that the OCI image is cached in the Artifactory remote repository cache.
5. You can install it using Helm directly from Artifactory using the following command:
Make sure to replace the placeholders in bold with your deployment name, domain name, and OCI image path. Specifying the version is optional.
helm install <DEPLOYMENT_NAME> oci://<ARTIFACTORY_HOST>/<REPOSITORY_KEY>/<CHART_NAME> --version=<VERSION>For example:
$ helm install redis-local oci://acme.jfrog.io/helm-oci-remote/bitnamicharts/redis Pulled: acme.jfrog.io/helm-oci-remote/bitnamicharts/redis:18.3.3 Digest: sha256:b3b87725110b01f901c50cd638d082f51e8a1b7bd519fd9d34721c78659c7192 NAME: redis-local LAST DEPLOYED: Fri Aug 4 16:53:17 2023 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: CHART NAME: redis CHART VERSION: 18.3.3 APP VERSION: 7.0.12 ** Please be patient while the chart is being deployed **
Upload Helm charts to the OCI registry
You can use an Artifactory local repository to push Helm charts using Helm OCI.
To upload a Helm chart to an Artifactory OCI registry:
In this example, you will upload a Helm Chart called helmpack to a Helm OCI local repository.
1. Create a local Helm OCI repository, say helm-oci-local, in the Artifactory
2. Log in to your Helm OCI client using the helm registry login command:
Make sure to replace the placeholder in bold with your own JFrog host domain.
helm registry login <YOUR_JFROG_DOMAIN>
For example:
$ helm registry login acme.jfrog.io
Username: admin
Password:
Login Succeeded
3. Push the chart to the Helm OCI repository using the helm push command:
Make sure you add the oci:// prefix to the Artifactory repository URL to force the Helm chart to wrap the artifact as OCI.
Make sure to replace the placeholders in bold with your Helm chart .TGZ file, URL, and desired repository path.
helm push <HELM_CHART_TGZ_FILE> oci://<URL>/<REPOSITORY>For example:
$ helm push helmpack-0.2.0.tgz
oci://acme.jfrog.io/helm-oci-local/mycharts
Pushed: acme.jfrog.io/helm-oci-local/mycharts/helmpack:0.2.0
4. You can find the OCI image deployed in the local Helm OCI repository
5. You can install the same chart using the Helm OCI command.
Make sure to replace the placeholders in bold with your deployment name, domain name, and OCI image path.
helm install <DEPLOYMENT_NAME> oci://<YOUR_JFROG_DOMAIN>/<REPOSITORY_KEY>/<CHART_NAME>For example:
$ helm install helmpack-chart oci://acme.jfrog.io/helm-oci-local/mycharts/helmpack Pulled: acme.jfrog.io/helm-oci-local/mycharts/helmpack:0.2.0 Digest: sha256:a4afafcd46b2f346b7d2e428ef156adafdc5328cee2088efedd496bdf45850c0 NAME: helmpack-chart LAST DEPLOYED: Wed Nov 15 16:35:44 2023 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: CHART NAME: helmpack CHART VERSION: 0.2.0 APP VERSION: 2.4.57 ** Please be patient while the chart is being deployed **
If you are using an Artifactory version before 7.xx or a Helm client version before 3.8.0, you can still use Helm OCI by running the following command:
Limitations of Managing OCI Helm Charts
export HELM_EXPERIMENTAL_OCI=1
Alternatively, if you are using an older Artifactory version, you can also use Docker repositories to host the Helm charts in a container-based registry.
References
- https://helm.sh/docs/topics/registries/#enabling-oci-support
- https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-registry
- https://jfrog.com/help/r/jfrog-artifactory-documentation/helm-oci-repositories