Before you use Helm 3 to push and pull charts, you must create an Open Container Initiative (OCI) image repository to store and manage charts. The OCI image repository can be a local file system, network server, or cloud storage service. In Helm 3.7 and later versions, you can use OCI artifacts to push and pull charts. OCI artifacts are standard formats that are used to store and transmit container-related files.
Step 1: Configure your Container Registry Enterprise Edition instance
Create a namespace.
Log on to the Container Registry console.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the left-side navigation pane of the management page of the Container Registry Enterprise Edition instance, choose .
On the Namespace page, click Create Namespace.
In the Create Namespace dialog box, set Namespace, Automatically Create Repository, and Default Repository Type, and then click Confirm.
Create an image repository.
In the left-side navigation pane of the management page of the Enterprise Edition instance, choose .
On the Repositories page, click Create Repository.
In the Repository Info step, set Namespace, Repository Name, Repository Type, Tags, Accelerated Images, Summary, and Description. Then, click Next.
In the Code Source step, configure Code Source, Build Settings, and Build Rules, and then click Create Repository.
Parameter / Description
Code Source: The code source.
Build Settings:
  Automatically Build Images When Code Changes: The build rule is automatically triggered when code is committed to a branch.
  Build With Servers Deployed Outside Chinese Mainland: Images are built on servers outside the Chinese mainland and then pushed to a repository in the specified region. If the Dockerfile used in your project must be downloaded from a site outside the Chinese mainland but the cross-border network connection is unstable, you can enable Build With Servers Deployed Outside Chinese Mainland.
  Build Without Cache: The system pulls the base image from the source code repository each time an image is built. This may increase the build time. You can disable Build Without Cache to accelerate image building.
On the Repositories page, click the created image repository. If Build is displayed in the left-side navigation pane of the repository management page, the image repository is bound to the source code repository.
Configure an access credential.
You can configure a password or a temporary token as the access credential of the image repository. In this example, a password is configured as the access credential.
In the left-side navigation pane of the management page of the Enterprise Edition instance, choose .
On the Access Credential page, click Set Password.
In the Set Password dialog box, set the Password and Confirm Password parameters. Click Confirm.
Configure console access policies.
Enable Internet access or add a virtual private cloud (VPC) to enable VPC access. This ensures that charts can be pushed to the image repository. In this example, Internet access is enabled. For more information about how to enable access over VPCs, see Configure a VPC ACL.
In the left-side navigation pane of the management page of the Enterprise Edition instance, choose .
On the Access Control page, click the Internet tab.
On the Internet tab, turn on Access Portal and click Add Internet Whitelist.
In the Add Internet Whitelist dialog box, specify the CIDR block that is allowed to access the Enterprise Edition instance and the description, and click Confirm.
(Optional) Turn on Pull from Anonymous Users.
After you turn on Pull from Anonymous Users, you can pull charts from a public image repository as an anonymous user.
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the Instance Settings section on the right side of the Overview page, turn on Pull from Anonymous Users.
In the Tips dialog box, click Confirm.
Step 2: Push and pull charts
Run the following command to enable the experimental feature of Helm 3.7 or a later version:
export HELM_EXPERIMENTAL_OCI=1
Run the following command to log on to the Enterprise Edition instance:
Replace <Registry logon name> with your Alibaba Cloud account.
Note: If you push and pull charts in a public chart repository, you can turn on Pull from Anonymous Users on the Overview page in the Container Registry console. You can then pull charts from the public chart repository anonymously without logging on.
helm3 registry login -u <Registry logon name> <Name of the Enterprise Edition instance>-registry.cn-<Region in which the Enterprise Edition instance resides>.cr.aliyuncs.com
Example:
helm3 registry login -u acr_test_***@test.aliyunid.com ***-registry.cn-hangzhou.cr.aliyuncs.com
When prompted, enter the logon password. The logon password is the password that you set in Step 1.
Run the following command to create a HelloWorld chart:
helm3 create helloworld
Run the following command to create a compressed package from the chart directory:
tar -zcvf test.tgz helloworld
Push and pull charts.
Push the chart package to repositories.
The path to which the chart package is pushed must end with the namespace of the repository.
helm3 push test.tgz oci://<Name of the Enterprise Edition instance>-registry.cn-<Region in which the Enterprise Edition instance resides>.cr.aliyuncs.com/<namespace>
Example:
helm3 push test.tgz oci://***-registry.cn-hangzhou.cr.aliyuncs.com/test
Pull the chart package from the repositories.
Run the following command to pull the chart package from the repositories:
Note: The repository path from which the chart is pulled must end with the name of the repository.
helm3 pull oci://<Name of the Enterprise Edition instance>-registry.cn-<Region in which the Enterprise Edition instance resides>.cr.aliyuncs.com/<Namespace name>/<Image repository name> --version <Image tag>
Example:
helm3 pull oci://***-registry.cn-hangzhou.cr.aliyuncs.com/test/trem --version helloworld
Run the following command to decompress the chart package:
tar -xzvf helloworld-[Image tag].tgz
Run the following command to install the HelloWorld chart:
helm install helloworld ./helloworld
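Step 2 as one script, with two defensive additions: the password is read from a file through --password-stdin instead of being typed at a prompt, and the pulled archive's listing is checked before it is unpacked. This is an added example, not part of the original documentation; the ACR_* variables, CHART_TAG, and the function names are assumptions, and the helm3 binary name follows the commands on this page.

```shell
#!/bin/sh
# Added example. Every ACR_* value and CHART_TAG is a placeholder you supply.

# Registry host in the format this page uses; $2 is a region ID such as cn-hangzhou.
acr_host() {
  printf '%s-registry.%s.cr.aliyuncs.com\n' "$1" "$2"
}

# Reads a `tar -tzf` listing on stdin. Succeeds only if there is at least one
# entry and every entry stays under the top-level directory $1.
listing_is_safe() {
  top=$1
  seen=0
  while IFS= read -r entry; do
    seen=1
    case $entry in
      /*|..|../*|*/..|*/../*) return 1 ;;   # absolute path or ".." component
    esac
    case $entry in
      "$top"|"$top"/*) ;;                   # inside the chart directory
      *) return 1 ;;
    esac
  done
  [ "$seen" -eq 1 ]
}

run_workflow() {
  set -eu
  host=$(acr_host "$ACR_INSTANCE" "$ACR_REGION")
  # Password comes from a file (mode 600), so it stays out of argv and shell history.
  helm3 registry login -u "$ACR_USER" --password-stdin "$host" < "$ACR_PASSWORD_FILE"
  helm3 create helloworld
  tar -zcvf test.tgz helloworld
  helm3 push test.tgz "oci://$host/$ACR_NAMESPACE"
  mkdir pulled
  cd pulled
  helm3 pull "oci://$host/$ACR_NAMESPACE/$ACR_REPO" --version "$CHART_TAG"
  pkg="helloworld-$CHART_TAG.tgz"
  # Inspect the archive listing before unpacking anything fetched from the registry.
  if ! tar -tzf "$pkg" | listing_is_safe helloworld; then
    echo "refusing to unpack $pkg: unexpected entry in archive" >&2
    return 1
  fi
  tar -xzvf "$pkg"
  helm3 install helloworld ./helloworld
}

if [ "${1:-}" = run ]; then run_workflow; fi
```

Invoke the script with the single argument run after exporting the placeholder variables; without that argument it only defines the functions.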