Add OCI Helm Registry

You can add an OCI type Helm registry to Palette and use the Helm Charts in your cluster profiles.

Prerequisites

  • Credentials to access the OCI registry. If you are using an AWS ECR registry, you must have the AWS credentials for an IAM user or add a trust relationship to an IAM role so that Palette can access the registry.

  • If the OCI registry is using a self-signed certificate, or a certificate that is not signed by a trusted certificate authority (CA), you will need the certificate to add the registry to Palette.

  • Tenant admin access to Palette.

  • If you are using an AWS ECR registry, ensure you have the following Identity and Access Management (IAM) permissions attached to the IAM user or IAM role that Palette will use to access the registry. You can reduce the Resource scope from * to the specific Amazon Resource Name (ARN) of the AWS ECR registry you are using.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "ecr-public:DescribeRegistries",
                    "ecr:DescribeImageReplicationStatus",
                    "ecr:ListTagsForResource",
                    "ecr:ListImages",
                    "ecr:DescribeRepositories",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:GetLifecyclePolicy",
                    "ecr-public:DescribeImageTags",
                    "ecr-public:DescribeImages",
                    "ecr:GetRegistryPolicy",
                    "ecr-public:GetAuthorizationToken",
                    "ecr:DescribeImageScanFindings",
                    "ecr:GetLifecyclePolicyPreview",
                    "ecr:GetDownloadUrlForLayer",
                    "ecr-public:GetRepositoryCatalogData",
                    "ecr:DescribeRegistry",
                    "ecr:GetAuthorizationToken",
                    "ecr-public:GetRepositoryPolicy",
                    "ecr-public:DescribeRepositories",
                    "ecr:BatchGetImage",
                    "ecr:DescribeImages",
                    "ecr-public:GetRegistryCatalogData",
                    "ecr-public:ListTagsForResource",
                    "ecr-public:BatchCheckLayerAvailability",
                    "ecr:GetRepositoryPolicy"
                ],
                "Resource": "*"
            }
        ]
    }
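
The Resource narrowing mentioned above, as an added example that is not part of the Palette documentation: a Python helper that splits an Allow statement on `*` into repository actions limited to the ARNs you pass in and actions that stay on `*`. It assumes, per the AWS service authorization reference for Amazon ECR, that the three actions in `REGISTRY_LEVEL` do not support resource-level permissions; `scope_policy`, the sample ARN and the account ID are placeholders, and the `ecr-public` actions are left on `*` as the page has them.

```python
import json
import re

# Private-ECR actions that act on the registry rather than one repository. They
# do not support resource-level permissions, so they only match Resource "*".
REGISTRY_LEVEL = {"ecr:GetAuthorizationToken", "ecr:DescribeRegistry",
                  "ecr:GetRegistryPolicy"}
REPO_ARN = re.compile(
    r"^arn:aws[a-z-]*:ecr:[a-z0-9-]+:\d{12}:repository/[A-Za-z0-9._/*-]+$")

def scope_policy(policy, repo_arns):
    """Copy `policy`, limiting private-ECR repository actions to `repo_arns`."""
    bad = [a for a in repo_arns if not REPO_ARN.match(a)]
    if not repo_arns or bad:
        raise ValueError(f"expected ECR repository ARNs, got {bad or repo_arns}")
    out = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow" or st.get("Resource") != "*":
            out.append(dict(st))  # a Deny, or already scoped: leave untouched
            continue
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        # Wildcard actions and ecr-public actions are not narrowed here.
        repo = sorted(a for a in acts if a.startswith("ecr:")
                      and "*" not in a and a not in REGISTRY_LEVEL)
        rest = sorted(a for a in acts if a not in repo)
        if repo:
            out.append({"Sid": f"RepoScoped{i}", "Effect": "Allow",
                        "Action": repo, "Resource": list(repo_arns)})
        if rest:
            out.append({"Sid": f"Unscoped{i}", "Effect": "Allow",
                        "Action": rest, "Resource": "*"})
    return {"Version": policy["Version"], "Statement": out}

# Constructed sample: an abridged copy of the page's policy and a placeholder ARN.
SAMPLE_ARN = "arn:aws:ecr:us-east-1:123456789012:repository/helm-charts/*"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": ["ecr:GetAuthorizationToken", "ecr:DescribeRegistry",
               "ecr:DescribeRepositories", "ecr:ListImages",
               "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer",
               "ecr-public:GetAuthorizationToken", "ecr-public:DescribeImages"]}]}

if __name__ == "__main__":
    print(json.dumps(scope_policy(SAMPLE_POLICY, [SAMPLE_ARN]), indent=4))
```

Moving `ecr:GetAuthorizationToken` into the ARN-scoped statement would stop the statement from matching that action, so registry login would be denied while the repository permissions still look correct.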

Add OCI Helm Registry

Use the following steps to add an OCI Helm registry to Palette. Select the tab that corresponds to the type of OCI registry you are adding.

  1. Log in to Palette as a tenant administrator.

  2. From the left Main Menu, select Tenant Settings.

  3. From the Tenant Settings Menu, select Registries.

  4. Click on the OCI Registries tab.

  5. Click Add New OCI Registry.

  6. Fill out the Name field and select Helm as the provider type.

  7. Select the OCI Authentication Type as Basic.

  8. Toggle the Synchronization option to enable or disable synchronization for the registry. To learn more about the synchronization behavior of Helm registries, refer to the Helm Registry resource.

  9. Provide the registry URL in the Endpoint field.

  10. Specify the base path in the Base Content Path field. The base path is the path to the repository in the registry where the Helm Charts are stored. You can specify multiple base paths by pressing the Enter key after each path. Providing multiple base paths is useful when Helm Charts are stored in different directories or projects, such as multiple projects in a Harbor registry.

  11. Fill out the Username and Password fields with the credentials to access the registry.

  12. If your OCI registry server is using a self-signed certificate or if the server certificate is not signed by a trusted CA, check the Insecure Skip TLS Verify box to skip verifying the x509 certificate, and click Upload file to upload the certificate.

  13. Click Confirm to complete adding the registry.

Validate

Use the following steps to validate that the OCI registry is added to Palette correctly.

  1. Log in to Palette.

  2. From the left Main Menu, click on Profiles.

  3. Click Add Cluster Profile.

  4. Provide a name and select the type Add-on.

  5. In the following screen, click Add Helm Chart and select Public Packs.

  6. Verify the Helm Chart registry you added is displayed in the Registry drop-down Menu.