Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Updated Migrate helm chart to oci registry in Harbor (markdown)

stonezdj(Daojun Zhang) 2023-05-08 09:39:05 +08:00
parent 4d682e8c47
commit 063cb1cffb
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Migrate-helm-chart-to-oci-registry-in-Harbor.md

@ -1,3 +1,5 @@
## Migrate steps
1. Set up another local Harbor server (install with offline installer), or any existing local Harbor server with version > 2.2.x and installed with offline installer, please do not install this harbor instance on kubernetes.
2. Log in to the local Harbor server, and create a registry point to the source Harbor
@ -6,35 +8,32 @@
4. After replication, all helm chart files should be found in the /data/chart_storage
5. Add the ca.crt of the local Harbor to the os, so that it could be trusted by current os. it will be used by the following helm command. refer: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate
6. Install helm version 3.7.1 or newer version in local env.
5. Run the following command to push helm chart to oci registry
```
cd /data/chart_storage/<your project>
helm registry login -u <username> -p <password> <hostname> --insecure
export HELM_EXPERIMENTAL_OCI=1
find . -name "*.tgz" -exec helm push {} oci://<harbor fqdn>/<projectname>/ \;
docker run -it --rm -v <path to chart storage directory>:/chart_storage -v <path to harbor root.ca file>:/usr/local/share/ca-certificates/harbor_ca.crt firstfloor/migrate-chart:0.1.0 --hostname <harbor hostname> --password <harbor admin password>
```
7. After all charts are imported, check the chart count matches the count of previous chart files in source Harbor.
After the command is complete, check the migration_errors.txt file to see if there is any error. If there is no error, all helm charts should be pushed to the Harbor successfully.
8. Set up a replication rule, replication the oci artifact to source Harbor, need to double-check there is no namespace collision.
9. Install the helm chart with oci registry, verify your helm chart work with oci.
## Verify
1. Install the helm chart with oci registry, verify your helm chart work with oci.
```
helm install myrelease oci://<harbor_fqdn>/<project>/<helm reponame> --version <chart version>
```
10. The new helm chart could be pushed to the source Harbor with this command
2. The new helm chart could be pushed to the source Harbor with this command
```
helm push harbor-1.7.3.tgz oci://<harbor_fqdn>/<project>/
```
**Question1: Previous helm cli(chart-museum repo) support helm search, how to search helm chart in oci registry?**
## Questions
### Question 1: Previous helm cli(chart-museum repo) support helm search, how to search helm chart in oci registry?
The cli helm search is not supported, we could search helm chart in Harbor UI. filter artifact by Type and select "CHART", all helm charts are listed in the current repository.
<img width="1078" alt="chart" src="https://user-images.githubusercontent.com/2696760/228410609-23c26b01-078b-436c-9406-dc3cb1ed57fc.png">
**Question2: Our charts are signed, how to push/verify the provenance file with oci registry?**
### Question 2: Our charts are signed, how to push/verify the provenance file with oci registry?
The helm push command pushes the provenance file if it exists in the same directory, and the helm pull command could download the provenance file if it is a signed chart. and also you could run helm verify on the chart
```