Optimize Your containerized OCI workflows with the latest Singularity Enterprise release. Dive into the enhancements today.
It is important to remark that OCI registries also bring built-in security features such as access control, authentication, and encryption. By storing Helm charts in a secure OCI registry, you can ensure that only authorized users have access to your charts, preventing unauthorized modifications or tampering.
Many CI/CD tools and platforms have built-in integrations with OCI registries. Storing Helm charts in OCI registries allows you to seamlessly integrate chart publishing and distribution into your CI/CD pipelines, enabling automated deployments and updates.
In theory, any Helm chart should work and for demonstration, we are going to use an example from the official Helm repository as a starting point, log in to Singularity Container Services registry, and finally, push that image:
$ singularity remote get-login-password | \ helm registry login --username USERNAME --password-stdin registry.sylabs.io $ wget https://github.com/helm/helm/raw/1c4885fce74d44b94a8b100f660cca4cc633176c/pkg/repo/repotest/testdata/examplechart-0.1.0.tgz $ helm push examplechart-0.1.0.tgz \ oci://registry.sylabs.io/USERNAME/helm/example
Once the image has been pushed to the registry, an installation is performed as follows, pay attention to the “oci://” part of the URI, that indicates Helm will use an external OCI compliant registry.
$ helm install release-name \ oci://registry.sylabs.io/USERNAME/helm/example/examplechart \ --version 0.1.0 Pulled: registry.sylabs.io/USERNAME/helm/example/examplechart:0.1.0 Digest: sha256:a6c1484454156c2a03...311671c2dfae00eb1 NAME: release-name LAST DEPLOYED: Mon Jun 5 21:55:15 2023 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None $ helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION release-name default 1 2023-06-05 21:55:15.767393721 -0600 CST deployed examplechart-0.1.0
It is also possible to pull the chart as a tarball:
$ helm pull oci://registry.sylabs.io/USERNAME/helm/example/examplechart \ --version 0.1.0 Pulled: registry.sylabs.io/USERNAME/helm/example/examplechart:0.1.0 Digest: sha256:a6c1484454156c...311671c2dfae00eb1
And of course, this can be signed using cosign. First, obtain the digest:
DIGEST=$(crane digest registry.sylabs.io/josueneo/helm/example/examplechart:0.1.0)
Then, sign the chart:
$ cosign sign -y --key cosign.key \ registry.sylabs.io/josueneo/helm/example/examplechart@$DIGEST
Storing Helm charts in Singularity Container Services registry provides a reliable, secure, and scalable solution for managing and distributing your deployments, promoting standardization and enabling efficient collaboration
Join Our Mailing List
Enabling Portable and Secure Computing Environments for High-Performance Workloads.As part of their ongoing efforts to streamline workflows, enhance productivity, and save time, engineers, and developers in enterprises and high performance computing (HPC) focused...
Bills of materials or BOMs are nothing new, but they are new in the software industry. They have been part of many supply chains for decades. When you purchase a car or a pharmaceutical device, the manufacturer of those products maintains a list of...