OCI registries serve as centralized repositories for container images, facilitating efficient distribution and collaboration among teams. They provide a single source of truth for container images, making it easier to share, discover, and reuse images across different projects and organizations. By storing Helm charts in OCI registries, you align with industry-standard practices and benefit from the broader ecosystem built around them, such as versioning and tagging your Helm charts just like container images. This enables you to track different versions of your charts and easily manage their lifecycle.
OCI registries also bring built-in security features such as access control, authentication, and encryption. By storing Helm charts in a secure OCI registry, you can ensure that only authorized users have access to your charts, preventing unauthorized modifications or tampering.
Many CI/CD tools and platforms have built-in integrations with OCI registries. Storing Helm charts in OCI registries allows you to seamlessly integrate chart publishing and distribution into your CI/CD pipelines, enabling automated deployments and updates.
In theory, any Helm chart should work. For demonstration, we are going to use an example from the official Helm repository as a starting point, log in to the Singularity Container Services registry, and finally push that image:
Once the image has been pushed to the registry, an installation is performed as follows. Pay attention to the “oci://” part of the URI, which indicates that Helm will use an external OCI-compliant registry.
It is also possible to pull the chart as a tarball:
And of course, this can be signed using cosign. First, obtain the digest:
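The package, push, and sign steps described above, combined into one script that signs the pushed digest rather than a mutable tag. This is an added example, not the original post's commands; `registry.example.com/myuser`, `mychart`, `0.1.0` and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. Placeholders (not from the post): registry.example.com/myuser,
# mychart, 0.1.0. Assumes the chart directory is named after the chart.

# Print the sha256 digest from `helm push` output ("Digest: sha256:<64 hex>").
# Returns non-zero when no well-formed digest line is present.
digest_from_push() {
  d=$(printf '%s\n' "$1" |
    sed -n 's/^Digest:[[:space:]]*\(sha256:[0-9a-f]\{64\}\)[[:space:]]*$/\1/p' |
    head -n 1)
  [ -n "$d" ] || return 1
  printf '%s\n' "$d"
}

# Build the immutable reference to sign: <repo>/<chart>@<digest>.
# cosign takes a plain registry reference, so any oci:// prefix is dropped.
pinned_ref() {
  printf '%s/%s@%s\n' "${1#oci://}" "$2" "$3"
}

# Package, push, and sign by digest. Run `helm registry login <host>` first;
# cosign must be able to authenticate to the same registry.
publish_and_sign() {
  repo=${1#oci://} chart=$2 version=$3
  helm package "$chart" --version "$version" || return 1
  # helm may print the Pushed:/Digest: lines on stderr, so capture both streams.
  out=$(helm push "$chart-$version.tgz" "oci://$repo" 2>&1) ||
    { printf '%s\n' "$out" >&2; return 1; }
  digest=$(digest_from_push "$out") ||
    { echo "no digest in helm push output; refusing to sign a tag" >&2; return 1; }
  cosign sign "$(pinned_ref "$repo" "$chart" "$digest")"
}

# Usage: sh publish.sh registry.example.com/myuser mychart 0.1.0
if [ "$#" -eq 3 ]; then
  publish_and_sign "$@"
fi
```

Signing `repo/chart@sha256:...` binds the signature to the exact artifact that was pushed, so re-pointing the tag later does not carry the signature over to different content.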
Storing Helm charts in the Singularity Container Services registry provides a reliable, secure, and scalable solution for managing and distributing your deployments, promoting standardization and enabling efficient collaboration.