Migrate helm chart to oci registry in Harbor

Migrate steps

This guide explains how to migrate your Helm chart files(chartmuseum) to OCI chart files.

Make sure that the source Harbor registry version is v2.7.x or lower before proceeding with the migration.

If you're using Harbor with docker-compose or Harbor Tile, skip to step 5.
If you're using Harbor-helm or TKG packages, follow the steps 1-4.

Set up a new Harbor registry(temp Harbor registry) on your local machine using the online/offline installer, or use an existing one with version 2.2.x or higher. Make sure not to install this registry instance on Kubernetes.
Log in to the temp Harbor registry and create a new registry point to the source Harbor registry.
Create a replication rule to copy all helm charts of the source Harbor registry to the temp Harbor registry.
Once replication is complete, all your Helm chart files should be available in the /data/chart_storage directory.
To convert and push the OCI Helm charts to the source Harbor registry, run the following command in a terminal:

docker run -it --rm -v <path_to_chart_storage_directory>:/chart_storage \
-v <path_to_the_source_harbor_registry__root.ca>:/usr/local/share/ca-certificates/harbor_ca.crt \
 firstfloor/migrate-chart:1.0.0 --hostname <the_hostname_of_source_harbor_registgry> --password <the_admin_password_of_source_harbor_registgry>

After the command completes, check the <path_to_chart_storage_directory>/migration_errors.txt file to see if there are any errors. If there are no errors, all Helm charts should be pushed to Harbor successfully.

Verify

To verify that the migration was successful, follow these steps:

Install the Helm chart with OCI registry and verify that it works:

helm install myrelease oci://<the_hostname_of_source_harbor_registgry>/<project>/<helm_reponame> --version <chart_version>

The new Helm chart can be pushed to the source Harbor with this command:

helm push harbor-1.7.3.tgz  oci://<the_hostname_of_source_harbor_registgry>/<project>/

Questions

Question 1: Previous helm cli(chart-museum repo) support helm search, how to search helm chart in oci registry?

The cli helm search is not supported, we could search helm chart in Harbor UI. filter artifact by Type and select "CHART", all helm charts are listed in the current repository.

Question 2: Our charts are signed, how to push/verify the provenance file with oci registry?

The helm push command pushes the provenance file if it exists in the same directory, and the helm pull command could download the provenance file if it is a signed chart. and also you could run helm verify on the chart

helm pull oci://<harbor fqdn>/helm-test/harbor --version 1.7.3
# the previous keyring to sign the chart is exported to secring.gpg
helm verify harbor-1.7.3.tgz --keyring=secring.gpg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Migrate helm chart to oci registry in Harbor

Migrate steps

Verify

Questions

Question 1: Previous helm cli(chart-museum repo) support helm search, how to search helm chart in oci registry?

Question 2: Our charts are signed, how to push/verify the provenance file with oci registry?

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally