The Helm chart feature of Container Registry Enterprise Edition helps you effectively manage and distribute various Kubernetes resources. You can push and pull charts only after you install and configure the Helm client and configure a Container Registry Enterprise Edition instance. This topic describes how to use Helm V2.X and V3.X to push and pull charts.

Background information

Kubernetes provides a unified API, which allows you to define Kubernetes resources in YAML files. Kubernetes has various types of resources, such as deployments, StatefulSets, and ConfigMaps.

As the YAML-based software delivery system is continuously improved, the Cloud Native Computing Foundation (CNCF) community has developed charts and its implementation tool Helm to manage resources at a higher level.

  • A chart is a collection of files that describe a related set of Kubernetes resources. For example, a chart can be a collection of files that describe WordPress and MySQL resources or a collection of resource description files for an etcd cluster.
  • Helm is a command-line program used to manage charts and their releases.
Container Registry Enterprise Edition allows you to manage Helm charts of V2.X and V3.X. The Helm chart feature helps you manage your cloud-native assets with ease. Helm charts of different versions are managed in different ways:
  • If your use Helm V3.X, you can directly use Container Registry Enterprise Edition to manage Helm charts.
  • If you use Helm V2.X, you must turn on Charts on the Overview page of your Container Registry Enterprise Edition instance. When the component starts to run, you can manage chart repositories. Turn on Charts

Use Helm V2.X to push and pull charts

Step 1: Install the Helm client

  1. Download Helm of the required version from the official website.
    Note Make sure that the version of the client is V2.X. You can run the helm version -c command to check the version. In this example, the version of the client is V2.14.2.
  2. Run the following commands to decompress the installation package of Helm and move the decompressed file to a specified directory:
    # Decompress the installation package. 
    tar -zxvf helm-v2.14.2-linux-amd64.tgz
    # Move the decompressed file to the specified directory. 
    mv linux-amd64/helm /usr/local/bin/helm                    
  3. Install the Helm plug-in of Alibaba Cloud.
    Note Before you install the Helm plug-in, make sure that Git is installed.
    • If your server resides outside China or can access GitHub, run the following command to install the Helm plug-in:
      helm plugin install https://github.com/AliyunContainerService/helm-acr
    • If your server resides in China and runs the Linux operating system, run the following commands to install the Helm plug-in:
      git clone https://github.com/AliyunContainerService/helm-acr.git
      sed -i 's/github.com/helm-acr-releases.oss-cn-hangzhou.aliyuncs.com/g' helm-acr/scripts/install_plugin.sh
      helm plugin install helm-acr
    • If your server resides in China and runs the Mac operating system, run the following commands to install the Helm plug-in:
      git clone https://github.com/AliyunContainerService/helm-acr.git
      sed -i '' 's/github.com/helm-acr-releases.oss-cn-hangzhou.aliyuncs.com/g' helm-acr/scripts/install_plugin.sh
      helm plugin install helm-acr
  4. Initialize Helm.
    • If Helm is installed on a node of a Container Service for Kubernetes (ACK) cluster, the tiller has been initialized by default. You only need to initialize the client. If you also do not want to access Google charts, run the following command to initialize Helm:
      helm init --client-only --skip-refresh
    • If Helm is installed on a node of a self-managed Kubernetes cluster and you do not want to access Google charts, run the following command:
      helm init --skip-refresh

Step 2: Configure your Container Registry Enterprise Edition instance

  1. Create a namespace.
    1. Log on to the Container Registry console.
    2. In the left-side navigation pane, click Instances.
    3. On the Instances page, click the required Container Registry Enterprise Edition instance.
    4. On the management page of the Container Registry Enterprise Edition instance, choose Helm Chart > Namespace in the left-side navigation pane.
    5. On the Namespace page, click Create Namespace.
    6. In the Create Namespace dialog box, set the Namespace, Automatically Create Repository, and Default Repository Type parameters, and click Confirm.
  2. Create a chart repository.
    Note

    When Automatically Create Repository is selected for the namespace, you can use Helm to push charts to a chart repository without the need to create the chart repository in advance in the console.

    In Container Registry Enterprise Edition, you can access a chart repository in the following format: <Instance name>-chart.<Region ID>.cr.aliyuncs.com/<Namespace>/<Chart repository name>. The version of a chart repository is in the format of <Chart name>-<Version number>. You can use a virtual private cloud (VPC) to access a chart repository in the format of <Instance name>-chart-vpc.<Region ID>.cr.aliyuncs.com/<Namespace>/<Chart repository name>.

    1. On the management page of a Container Registry Enterprise Edition instance, choose Helm Chart > Repositories in the left-side navigation pane.
    2. On the Chart Repositories page, click Create Repositories.
    3. In the Create Helm Chart dialog box, set the Namespace, Repository Name, and Type parameters, and click Confirm.
  3. Configure an access credential.
    Set a password or a temporary token that is used to access Helm charts. In this example, set a password.
    1. On the management page of the Container Registry Enterprise Edition instance, choose Instances > Access Credential in the left-side navigation pane.
    2. On the Access Credential page, click Set Password.
    3. In the Set Password dialog box, set the Password and Confirm Password parameters. Click Confirm.
  4. Configure access control.
    Enable Internet access or enable access over a VPC to facilitate the upload of Helm charts. In this example, Internet access is enabled. For more information about how to enable access over VPCs, see Configure access over VPCs.
    1. On the management page of a Container Registry Enterprise Edition instance, choose Helm Chart > Access Control in the left-side navigation pane.
    2. On the Access Control page, click the Internet tab.
    3. On the Internet tab, turn on Access Portal and click Add Internet Whitelist.
    4. In the Add Internet Whitelist dialog box, specify the CIDR block that is allowed to access the Container Registry Enterprise Edition instance and the description, and click Confirm.
  5. Run the following commands to configure on-premises repository mapping:

    You must specify an on-premises repository and map it to a chart repository in a namespace in Container Registry.

    export HELM_REPO_USERNAME='<The account in the access credential of the Container Registry Enterprise Edition instance>';
    export HELM_REPO_PASSWORD='<The password in the access credential of the Container Registry Enterprise Edition instance>';
    helm repo add <On-premises repository name> acr://<Instance name>-chart.<Region ID>.cr.aliyuncs.com/<Namespace>/<Chart repository> --username ${HELM_REPO_USERNAME} --password ${HELM_REPO_PASSWORD}            
    Configure on-premises repository mapping

Step 3: Push and pull charts

  1. Push a chart.
    1. Run the following commands to push the chart:
      # Create an on-premises chart. 
      helm create <Chart name>
      
      # Push the chart directory. 
      helm push <Chart name> <On-premises repository name>
      
      # Push the compressed chart package. 
      helm push <Chart name>-<Chart version>.tgz <On-premises repository name>            
      Push a chart
    On the Chart Repositories page, click the name of the destination chart repository. On the page that appears, click Versions in the left-side navigation pane. On the Versions page, you can view the pushed chart.
  2. Run the following command to pull the chart:
    # Update the on-premises chart index from the chart repository in Container Registry. 
    helm repo update
    
    # Pull a chart. 
    helm fetch <On-premises repository name>/<Chart name> --version <Chart version>
    
    # Install a chart directly. 
    helm install -f values.yaml <On-premises repository name>/<Chart name> --version <Chart version>            

Use Helm V3.X to push and pull charts

Step 1: Configure your Container Registry Enterprise Edition instance

  1. Create a namespace.
    1. Log on to the Container Registry console.
    2. In the left-side navigation pane, click Instances.
    3. On the Instances page, click the required Container Registry Enterprise Edition instance.
    4. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Namespace in the left-side navigation pane.
    5. On the Namespace page, click Create Namespace.
    6. In the Create Namespace dialog box, set the Namespace, Automatically Create Repository, and Default Repository Type parameters, and click Confirm.
  2. Create an image repository.
    1. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Repositories in the left-side navigation pane.
    2. On the Repositories page, click Create Repositories.
    3. In the Repository Info step, set the Namespace, Repository Name, Repository Type, Tags, Accelerated Image, Summary, and Description parameters, and click Next.
    4. In the Code Source step, set the Code Source, Build Settings, and Build Rules parameters, and click Create Repositories.
      Parameter Description
      Code Source The code source.
      Build Settings
      • Automatically Build Images When Code Changes: If you select this option, an image is automatically built when code is committed from a branch.
      • Build With Servers Deployed Outside Mainland China: If you select this option, images are built in a data center outside mainland China and then pushed to the image repository.
      • Build Without Cache: If you select this option, the system pulls the dependent base image for every image to be built. This may prolong the build time.
      Build Rules After the repository is created, you can go to the Build page to create build rules. For more information, see Create a repository and build images.
  3. Configure an access credential.
    Set a password or a temporary token that is used to log on to the repositories of your Container Registry Enterprise Edition instance. In this example, set a password.
    1. On the management page of the Container Registry Enterprise Edition instance, choose Instances > Access Credential in the left-side navigation pane.
    2. On the Access Credential page, click Set Password.
    3. In the Set Password dialog box, set the Password and Confirm Password parameters. Click Confirm.
  4. Configure access control.
    Enable Internet access or enable access over a VPC to facilitate the upload of Helm charts. In this example, Internet access is enabled. For more information about how to enable access over VPCs, see Configure access over VPCs.
    1. On the management page of the Container Registry Enterprise Edition instance, choose Repository > Access Control in the left-side navigation pane.
    2. On the Access Control page, click the Internet tab.
    3. On the Internet tab, turn on Access Portal and click Add Internet Whitelist.
    4. In the Add Internet Whitelist dialog box, specify the CIDR block that is allowed to access the Container Registry Enterprise Edition instance and the description, and click Confirm.

Step 2: Push and pull charts

  1. Download the Helm client of the required version from the official website.
    Note Make sure that the version of the client is V3.X. You can run the helm version -c command to check the version. In this example, the version of the client is V3.0.2.
  2. Run the following command to enable the experiment feature for the Helm client of V3.X:
    export HELM_EXPERIMENTAL_OCI=1
  3. Run the following command to log on to the Container Registry Enterprise Edition instance:
    Replace <Registry logon name> with your Alibaba Cloud account.
    helm3 registry login --username=<Registry logon name> <Name of the Container Registry Enterprise Edition instance>.cn-<The region where the Container Registry Enterprise Edition instance resides>.cr.aliyuncs.com
    Example:
    helm3 registry login --username=123@188077086902**** m**-registry.cn-hangzhou.cr.aliyuncs.com

    In the command output, enter the logon password. The logon password is the password that you set in Step 1.

  4. Push a chart.
    1. Run the following command to save the chart directory as the image tag of the repository in the Container Registry Enterprise Edition:
      helm3 chart save helloworld <Name of the Container Registry Enterprise Edition instance>.cn-<The region where the Container Registry Enterprise Edition instance resides>.cr.aliyuncs.com/<Namespace name>/<Repository name>:<Image tag>
      Example:
      helm3 chart save helloworld m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
    2. Run the following command to push the image tag to the repository in the Container Registry Enterprise Edition instance.
      helm3 chart push <Name of the Container Registry Enterprise Edition instance>.cn-<The region where the Container Registry Enterprise Edition instance resides>.cr.aliyuncs.com/<Namespace name>/<Repository name>:<Image tag>
      Example:
      helm3 chart push m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
  5. Pull a chart.
    1. Run the following command to pull the specified image tag from the repository in the Container Registry Enterprise Edition.
      helm3 chart pull <Name of the Container Registry Enterprise Edition instance>.cn-<The region where the Container Registry Enterprise Edition instance resides>.cr.aliyuncs.com/<Namespace name>/<Repository name>:<Image tag>
      Example:
      helm3 chart pull m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest
    2. Run the following command to export the image tag to a local directory. Then, you can view a local chart directory.
      helm3 chart export <Name of the Container Registry Enterprise Edition instance>.cn-<The region where the Container Registry Enterprise Edition instance resides>.cr.aliyuncs.com/<Namespace name>/<Repository name>:<Image tag> -d .
      Example:
      helm3 chart export m**-registry.cn-hangzhou.cr.aliyuncs.com/m**/test:latest -d .