Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to pull charts from OCI registry #81

Open
giuscri opened this issue Dec 3, 2020 · 6 comments
Open

Allow to pull charts from OCI registry #81

giuscri opened this issue Dec 3, 2020 · 6 comments

Comments

@giuscri
Copy link

giuscri commented Dec 3, 2020

No description provided.

@giuscri
Copy link
Author

giuscri commented Dec 3, 2020

Would someone write some pointers for how to implement this?

@DerEnderKeks
Copy link

I just tried to install an OCI chart and it works just fine if you put the full URI (oci://...) into the spec.chart field of a HelmChart CR. (No need to specify thespec.repo)

@chris13524
Copy link

chris13524 commented Jun 29, 2022
edited
Loading

I just tried to install an OCI chart and it works just fine if you put the full URI (oci://...) into the spec.chart field of a HelmChart CR. (No need to specify thespec.repo)

I think this works only for registries using HTTPS. When using k3d managed registries, these are HTTP, so the install errors out with failed to do request: Head "https://k3d-registry.localhost:5000/v2/mychart/manifests/0.1.0": http: server gave HTTP response to HTTPS client for me

I think this requires helm/helm#6324

@smbecker
Copy link
Contributor

I ran into this issue when trying to leverage a private OCI registry. It seems that public OCI registries work by excluding the repo field and fully-qualifying the chart. However, private registries do not and the authSecret support added here only works when repo is provided, which doesn't work with oci:// registries. When installing locally, I login using docker login and then helm pull oci:// works fine as it seems to inherit the credentials. Given that it is fairly common to create a docker registry secret in the cluster so that kubelet can pull the images from the oci:// registry, I found that if you can mount that same registry secret in /home/klipper-helm/docker then it works fine. I would be glad to push a PR if there is interest but honestly not all that familiar with go, so it might take a minute.

@smbecker smbecker mentioned this issue Jun 22, 2023
Merged
@brandond
Copy link
Member

brandond commented Jun 26, 2023
edited
Loading

@smbecker hmm, so there is no facility for hosting a repo index when using an OCI registry as the chart store?

@smbecker
Copy link
Contributor

@smbecker hmm, so there is no facility for hosting a repo index when using an OCI registry as the chart store?

Helm only supports a subset of commands when targeting OCI registries. You can explicitly login but it has been my experience that when using OCI-based registries for Helm charts, then the containers are likely on the same registry as well. In that case, it is easier to just use the inherited docker authentication to login for Helm as well.

otisdog8 added a commit to otisdog8/homelab-v3 that referenced this issue Mar 30, 2024
@otisdog8
Attempt 3: k3s-io/helm-controller#81
a4a5fb2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@smbecker @brandond @chris13524 @giuscri @DerEnderKeks