When setting up and running IT platforms, one goal I strive for is to reduce the number of tools and vendors. This reduces the overall maintenance burden over time and, even more importantly, the number of different user directories that need to be maintained.

Since we are running a container-based workload with Kubernetes, we require both an image registry and a Helm chart repository; this has created the need for several different repositories. With the release of Helm 3, we now have experimental support for storing our Helm charts in an OCI-compliant registry.

Google Artifact Registry is a new product from Google Cloud that enables us to create repositories for Docker images, Maven, NPM and APT, and it is OCI-compliant, meaning it can host our Helm charts as well.

Configuration

We start by creating a new repository for Docker images in Artifact Registry. In this example we will call our registry demo-docker-repository.

gcloud artifacts repositories create demo-docker-repository --location=europe-north1 --repository-format=docker
# Create request issued for: [demo-docker-repository]
# Waiting for operation [projects/predictly-demo/locations/europe-north1/operations/b0830b6b-4289-433e-9eb3-9124b7c10727] to complete...done.
# Created repository [demo-docker-repository]

Our next step is to make sure we have a service account with the necessary permissions. The roles Artifact Registry Reader and Artifact Registry Writer grant the permissions needed to interact with Artifact Registry.
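One way to carry out this step with least privilege, as an added example that is not from the original post: it binds the two roles on demo-docker-repository only, rather than project-wide, and gives push and pull separate identities. The service account names ci-pusher and deployer are assumptions and must already exist; the script only prints the gcloud commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: repository-scoped IAM bindings for Artifact Registry.
# Project, location and repository come from the post; the service account
# names used at the bottom (ci-pusher, deployer) are assumed for illustration.
PROJECT="predictly-demo"
LOCATION="europe-north1"
REPO="demo-docker-repository"

# Map what an identity does to the narrowest predefined role.
# Writer already includes read access, so a pusher never needs both roles.
role_for() {
  case "$1" in
    pull) echo "roles/artifactregistry.reader" ;;
    push) echo "roles/artifactregistry.writer" ;;
    *)    echo "unknown action: $1" >&2; return 1 ;;
  esac
}

# grant <service-account-name> <pull|push>
# Binds the role on this one repository. Prints the command by default;
# runs it only when APPLY=1 is set in the environment.
grant() {
  sa="$1"
  role="$(role_for "$2")" || return 1
  set -- gcloud artifacts repositories add-iam-policy-binding "$REPO" \
    --project="$PROJECT" --location="$LOCATION" \
    --member="serviceAccount:${sa}@${PROJECT}.iam.gserviceaccount.com" \
    --role="$role"
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    echo "$*"
  fi
}

# CI pipeline identity: packages and pushes charts and images.
grant ci-pusher push
# Cluster-side identity: only pulls what it deploys.
grant deployer pull
```

With this split, a leaked key for the deploying identity cannot be used to overwrite a chart or image in the repository.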

Package and push chart

With our service account set up, we can now interact with our Artifact Registry and store our Helm package in OCI format in our Docker registry.

export HELM_EXPERIMENTAL_OCI=1
# Login to Artifact Registry, registry named demo-docker-repository in project predictly-demo
echo "${GCLOUD_SERVICE_KEY}" | helm registry login europe-north1-docker.pkg.dev/predictly-demo/demo-docker-repository/build-app-helm -u _json_key --password-stdin
# Package contents of folder named helm as an OCI formatted package
helm chart save helm europe-north1-docker.pkg.dev/predictly-demo/demo-docker-repository/build-app-helm:0.0.5
helm chart push europe-north1-docker.pkg.dev/predictly-demo/demo-docker-repository/build-app-helm:0.0.5

The result of the commands above can be seen in Artifact Registry:

[Screenshot: Artifact Registry]

build-app is the actual Docker image of our application while build-app-helm is our newly OCI packaged Helm archive.

Pull and extract chart

The next step in our process is to pull and extract the stored OCI package so that we can deploy our Helm chart in our Kubernetes cluster.

export HELM_EXPERIMENTAL_OCI=1
echo "${GCLOUD_SERVICE_KEY}" | helm registry login europe-north1-docker.pkg.dev/predictly-demo/demo-docker-repository/build-app-helm -u _json_key --password-stdin
helm chart pull europe-north1-docker.pkg.dev/predictly-demo/demo-docker-repository/build-app-helm:0.0.5
helm chart export europe-north1-docker.pkg.dev/predictly-demo/demo-docker-repository/build-app-helm:0.0.5

After running these commands, the Helm chart will be in a folder named after your chart, i.e. build-app, since I have set the property name to build-app in Chart.yaml.

Focus on the right type of problem

In the end, those that spend their time solving problems that will differentiate us from our competitors will gain an advantage. Reducing tech sprawl and having fewer systems that are managed by us is a key success factor for achieving this.

By adopting Google Artifact Registry we can reduce our maintenance burden by storing our packaged Helm charts in the same registry as we store our regular Docker images.
