Migrate helm chart to oci registry in Harbor
-
Set up another local Harbor server (install with offline installer), or any existing local Harbor server with version > 2.2.x and installed with offline installer, please do not install this harbor instance on kubernetes.
-
Log in to the local Harbor server, and create a registry point to the source Harbor
-
Create a replication rule to replicate all helm charts in your project to the local Harbor.
-
After replication, all helm chart files should be found in the /data/chart_storage
-
Run the following command to push helm chart to oci registry
docker run -it --rm -v <path to chart storage directory>:/chart_storage \
-v <path to harbor root.ca file>:/usr/local/share/ca-certificates/harbor_ca.crt \
firstfloor/migrate-chart:0.1.0 --hostname <harbor hostname> --password <harbor admin password>
After the command is complete, check the migration_errors.txt file to see if there is any error. If there is no error, all helm charts should be pushed to the Harbor successfully.
- Install the helm chart with oci registry, verify your helm chart work with oci.
helm install myrelease oci://<harbor_fqdn>/<project>/<helm reponame> --version <chart version>
- The new helm chart could be pushed to the source Harbor with this command
helm push harbor-1.7.3.tgz oci://<harbor_fqdn>/<project>/
Question 1: Previous helm cli(chart-museum repo) support helm search, how to search helm chart in oci registry?
The cli helm search is not supported, we could search helm chart in Harbor UI. filter artifact by Type and select "CHART", all helm charts are listed in the current repository.
The helm push command pushes the provenance file if it exists in the same directory, and the helm pull command could download the provenance file if it is a signed chart. and also you could run helm verify on the chart
helm pull oci://<harbor fqdn>/helm-test/harbor --version 1.7.3
# the previous keyring to sign the chart is exported to secring.gpg
helm verify harbor-1.7.3.tgz --keyring=secring.gpg