In Helm 3, charts are pushed to and pulled from an OCI-compliant registry. An OCI registry stores and manages charts on resources such as a local file system, a network server, or cloud storage. Starting from Helm 3.7, charts are handled as OCI artifacts. An OCI (Open Container Initiative) artifact is a standard format for storing and distributing container-related files.
Step 1: Configure a Container Registry Enterprise Edition instance
Create a namespace.
Log on to the Container Registry console.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
On the management page of the instance, choose .
On the Namespace page, click Create Namespace.
In the Create Namespace panel, enter a Namespace name, specify whether to enable Automatically Create Repository, and then click Confirm.
Create an image repository.
On the management page of the instance, choose .
On the Repositories page, click Create Repository.
In the Repository Info wizard, configure Namespace, Repository Name, Repository Type, Image Version, Accelerated Image, Summary, and Description. Then, click Next.
In the Code Source wizard, configure Code Source, Build Settings, and Build Rules. Then, click Create Repository.
Parameter
Description
Code Source
Select a code source.
Build Settings
Automatically build images when code changes: Automatically triggers an image build when code is committed to a branch.
Build With Servers Deployed Outside Chinese Mainland: Builds images on servers that are located outside the Chinese mainland and pushes the built images to the specified region. If the Dockerfile in your project needs to download files from sites outside the Chinese mainland and the cross-border network is unstable, enable Build With Servers Deployed Outside Chinese Mainland.
Build Without Cache: Forces a fresh pull of the base dependency images for every build, which may increase the build time. Turn off Build Without Cache to speed up image builds.
On the Repositories page, click the target image repository. If Build appears in the left-side navigation pane, the image repository is successfully bound to the source code repository.
Configure an access credential.
Set a fixed or temporary password as the access credential. The following steps describe how to set a fixed password.
On the management page of the instance, choose .
On the Access Credentials page, click Set Password.
In the Set Password dialog box, enter a password in the Password and Confirm Password fields, and click Confirm.
Configure an access control policy.
Enable internet access or add a specified VPC to enable access over a VPC so that you can upload images. This topic provides an example of how to configure internet access control. For more information about how to configure VPC access control, see Configure VPC access control.
On the management page of the instance, choose .
On the Access Control page, click the Internet tab.
On the Internet tab, turn on Enable Access over Internet and click Add Internet Whitelist.
In the Add Internet Whitelist dialog box, enter the allowed CIDR blocks and a description. Then, click Confirm.
Turn on the Pull from Anonymous Users switch. (Optional)
After you enable the Pull from Anonymous Users switch, you can pull images from public image repositories without logging in.
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
On the Overview page, in the Instance Settings section, turn on the Pull from Anonymous Users switch.
In the Tips dialog box, click Confirm.
Step 2: Push and pull a chart
Run the following command to enable the experimental OCI feature for your Helm 3.7 or later client.
export HELM_EXPERIMENTAL_OCI=1Run the following command to log on to the Container Registry Enterprise Edition instance.
Use your Alibaba Cloud account name as the username.
NoteIf you push and pull charts from a public chart repository, you can enable the Overview switch on the Pull from Anonymous Users page in the Container Registry console. Then, you can pull charts from the public chart repository without logging on.
helm3 registry login -u <registry-logon-name> <instance-name>-registry.cn-<region>.cr.aliyuncs.comExample:
helm3 registry login -u acr_test_***@test.aliyunid.com ***-registry.cn-hangzhou.cr.aliyuncs.comWhen prompted, enter the fixed password that you configured.
Run the following command to create a helloworld chart.
helm3 create helloworldRun the following command to package the chart directory into a gzipped tar archive.
tar -zcvf test.tgz helloworldPush and pull the chart.
Push the chart package to the image repository.
Pull the chart package from the image repository.
Run the following command to pull the chart package from the image repository.
Run the following command to decompress the chart package.
Run the following command to install the chart.
helm3 install helloworld ./helloworld
NoteThe pull URI must specify the path to the repository.
helm3 pull oci://<instance-name>-registry.cn-<region>.cr.aliyuncs.com/<namespace-name>/<repository-name> --version <image-tag>Example:
helm3 pull oci://***-registry.cn-hangzhou.cr.aliyuncs.com/test/trem --version helloworldtar -xzvf helloworld-[image-tag].tgz
The push URI must specify the path to the namespace. The repository name is derived from the chart package.
helm3 push test.tgz oci://<instance-name>-registry.cn-<region>.cr.aliyuncs.com/<namespace>Example:
helm3 push test.tgz oci://***-registry.cn-hangzhou.cr.aliyuncs.com/test