OCI (Open Container Initiative) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes.
Helm 3 supports OCI for package distribution. Chart packages are able to be stored and shared across OCI-based registries. Here
OCI Artifacts actually use an existing docker repository as an infrastructure, extending its capabilities to support other types of artifacts
oci-chartrepo as an adapter that supports the transformation of OCI data structures into standard chart repository data structures.
# There is a docker registry run locally on localhost:5000
$ helm chart save mychart/ localhost:5000/myrepo/mychart:2.7.0
# Install helm push plugin
$ helm plugin install https://github.com/chartmuseum/helm-push.git
$ helm chart push localhost:5000/myrepo/mychart:2.7.0
# The directory structure of the chart artifacts cache also follows the OCI Image specification, you can see the mediaType in index.json is `application/vnd.oci.image.manifest.v1+json`
--port # The server listen port (default is 8080)
--storage # Storage backend (only registry for now)
--storage-registry-repo # Your oci registry address (eg. 192.168.0.1:5000)
--storage-registry-scheme # Your oci registry address scheme (HTTP or HTTPS), default is empty means that the scheme will be automatically determined
/index.yaml # Get the OCI data from --storage-registry-repo, then transform them into standard chart repository data structures.
/charts/:name # Download a chart artifact
# Locally bin
make build
# Docker
docker build -t oci-chart-registry .
docker run -d --restart=always --name oci-chart-registry \
-p 8088:8080 \
oci-chart-registry --storage=registry --storage-registry-repo={your_registry_addr} --port=8080
# If your registry equires user authentication, a file in dockerconfigjson(kubernetes secret type) format needs to be mounted into container /etc/secret/dockerconfigjson
# In the docker run scenario, the content of dockerconfigjson in kubernetes secret needs to be base64 decoded, and then stored it into the ~/dockerconfigjson file
# How to generate dockerconfigjson, please refer to the section "Run in kubernetes"
docker run -d --restart=always --name oci-chart-registry \
-p 8088:8080 \
-v ~/dockerconfigjson:/etc/secret/dockerconfigjson \
oci-chart-registry --storage=registry --storage-registry-repo={your_registry_addr} --storage-registry-scheme=HTTPS --port=8080
# Generate secret config file if you need.
# The dockerconfigjson content can be generated by the following command:
kubectl create secret docker-registry my-registry-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
# Please modify the --storage-registry-repo and --storage-registry-scheme parameters before apply
kubectl apply -f deploy/oci-chart-registry-deployment.yaml
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.
Security News
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
Security News
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.