Originating Issue for Epic: Support Helm charts in OCI Container Registry
### Problem to solve

Helm 3 is the eagerly awaited next release of Helm, the Kubernetes package manager and deploy tool. With the launch of Helm 3, [which is now in beta](https://helm.sh/blog/helm-v3-beta/), pushing and pulling charts can now be done via OCI Registry. This means that users can now utilize the GitLab Container Registry for hosting Helm charts.

The prospect of storing a project's container images and the associated Helm chart in the same place with the same credentials is thrilling. No third party repos are necessary, and the problem of the single-namespaced HTTP Helm repos goes away (i.e. a chart called "service" can only exist once). When pushed to the OCI registry, the Helm chart simply shares the same namespace as the GitLab project, just like the container images. Project, containers, and helm chart also have the same lifecycle and can be managed together.

- The **good** news: It already works, and it's still alpha stage
- The **bad** news: the UI does not display the content
- The bad part is that the registry UI displays: `No tags in Container Registry for this container image.` and `Something went wrong while fetching the registry list.`

### Intended users

* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Devon (DevOps Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#devon-devops-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator)

### Proposal

Update Docker Distribution Registry to add support for additional OCI media types, specifically Helm charts.
### Further details

#### Media types

- I suspect the problem is similar to MR https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31127
- I think the media-type that Helm chose is `application/vnd.cncf.helm.config.v1+json`.

#### Why is this blocked

- This change requires changes to [Docker Distribution Registry](https://github.com/docker/distribution/pull/2934), and it seems these changes are not being moved into releases by Docker. So, we will need to utilize our fork of Docker Registry and make the changes in our fork.
- https://gitlab.com/gitlab-org/charts/gitlab/issues/1614 is intended to define a plan for utilizing our fork of DDR.

### Permissions and Security

- Follow the same permissions model as the Container Registry:
  - Reporters and above can view and download charts
  - Developers and above can view, download, publish and delete charts

### Documentation

- [Container Registry Docs](https://docs.gitlab.com/ee/user/packages/container_registry/): Add Helm 3 examples

### What does success look like, and how can we measure that?

- Success looks like users can push and pull helm charts to the GitLab Container Registry and see the relevant metadata in the UI.

### Links / references

- https://v3.helm.sh/docs/topics/registries/

### Demo

*requires this alpha build:* https://get.helm.sh/helm-v3.0.0-alpha.2-linux-amd64.tar.gz

```bash
# helm registry login --password "$(secret-tool lookup username_value tobias.wolf@example.com)" -u tobias.wolf@example.com gitlab.example.com:5005
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login succeeded
# helm create foo
Creating foo
# helm chart save foo gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1
Name: foo
Version: 0.1.0
Meta: sha256:42603b382336019d658ec8c0c71c57be421dc49a471ce6c6b776d7834e54cbec
Content: sha256:bfc11b014315e14f4191ff0cd53a7f9158db9013722c33919f566ae9d69b8ef1
0.0.1: saved
# helm chart push gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1
The push refers to repository [gitlab.example.com:5005/tobias.wolf/build-test/helm/foo]
Name: foo
Version: 0.1.0
Meta: sha256:42603b382336019d658ec8c0c71c57be421dc49a471ce6c6b776d7834e54cbec
Content: sha256:bfc11b014315e14f4191ff0cd53a7f9158db9013722c33919f566ae9d69b8ef1
0.0.1: pushed to remote (2 layers, 2.3 KiB total)
# rm -rf foo
# helm chart remove gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1
0.0.1: removed
# helm chart list
REF    NAME    VERSION    DIGEST    SIZE    CREATED
# helm chart pull gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1
0.0.1: Pulling from gitlab.example.com:5005/tobias.wolf/build-test/helm/foo
Name: foo
Version: 0.1.0
Meta: sha256:42603b382336019d658ec8c0c71c57be421dc49a471ce6c6b776d7834e54cbec
Content: sha256:bfc11b014315e14f4191ff0cd53a7f9158db9013722c33919f566ae9d69b8ef1
Status: Chart is up to date for gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1
# helm chart list
REF                                                              NAME    VERSION    DIGEST     SIZE       CREATED
gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1    foo     0.1.0      bfc11b0    2.2 KiB    37 minutes
# helm chart export gitlab.example.com:5005/tobias.wolf/build-test/helm/foo:0.0.1
Name: foo
Version: 0.1.0
Meta: sha256:42603b382336019d658ec8c0c71c57be421dc49a471ce6c6b776d7834e54cbec
Content: sha256:bfc11b014315e14f4191ff0cd53a7f9158db9013722c33919f566ae9d69b8ef1
Exported to foo/
# find foo
foo
foo/.helmignore
foo/charts
foo/templates
foo/templates/service.yaml
foo/templates/ingress.yaml
foo/templates/deployment.yaml
foo/templates/_helpers.tpl
foo/templates/NOTES.txt
foo/values.yaml
foo/Chart.yaml
```
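An added example (not code from this issue, GitLab or Docker Distribution) of the media-type handling discussed under "Media types": each tag is classified by its manifest's config media type, so an unrecognized or malformed artifact becomes one row in the listing instead of an error for the whole list. The Helm media type is the one the issue names; the function names, sample tags and all-zero digest are constructed for illustration, and only sha256 digests are accepted here.

```python
import json
import re

# Config media type the issue names for Helm charts.
HELM_CONFIG = "application/vnd.cncf.helm.config.v1+json"
# Config media types used by Docker schema 2 and OCI container images.
IMAGE_CONFIGS = {
    "application/vnd.docker.container.image.v1+json",
    "application/vnd.oci.image.config.v1+json",
}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")  # simplification: sha256 only


def classify_manifest(raw):
    """Return 'helm_chart', 'container_image' or 'unknown'.

    Raises ValueError when the manifest is malformed, so callers can tell
    "valid but unsupported artifact" apart from "untrustworthy input".
    """
    manifest = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(manifest, dict) or manifest.get("schemaVersion") != 2:
        raise ValueError("not a schema version 2 manifest")
    config = manifest.get("config")
    if not isinstance(config, dict):
        raise ValueError("manifest has no config descriptor")
    media_type, digest = config.get("mediaType"), config.get("digest")
    if not isinstance(media_type, str):
        raise ValueError("config descriptor has no media type")
    if not isinstance(digest, str) or not DIGEST_RE.match(digest):
        raise ValueError("config descriptor has no valid sha256 digest")
    if media_type == HELM_CONFIG:
        return "helm_chart"
    if media_type in IMAGE_CONFIGS:
        return "container_image"
    return "unknown"  # allowlist miss: show it, but never treat it as an image


def list_tags(tags):
    """Classify every tag; one bad manifest must not fail the whole listing."""
    rows = []
    for tag, raw in sorted(tags.items()):
        try:
            rows.append((tag, classify_manifest(raw)))
        except ValueError:
            rows.append((tag, "invalid"))
    return rows


def _sample(config_type):
    """Constructed sample manifest with a placeholder all-zero digest."""
    config = {"mediaType": config_type, "digest": "sha256:" + "0" * 64, "size": 117}
    return json.dumps({"schemaVersion": 2, "config": config, "layers": []})


SAMPLE_TAGS = {  # constructed data, not taken from a real registry
    "0.0.1": _sample(HELM_CONFIG),
    "latest": _sample("application/vnd.docker.container.image.v1+json"),
    "sig": _sample("application/vnd.example.unknown.v1+json"),
    "broken": "{not json",
}
```
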