From YouTube: From ChartMuseum to Harbor Josh Dolitsky, Blood Orange
Sort of what's going on with Helm 3 and the registry stuff. So if you've heard of this, it's a new concept that's been going on actually for years, and I'm going to go through the story about how this came about. But in Helm 3 we're making a push to put charts into Docker registries. So I'm going to talk, it's not so much about ChartMuseum or Harbor, but kind of where we're at, where things are going, things like that.

So that's sort of how I got involved with the Helm team, and now I'm one of the maintainers of Helm, so super appreciative to be involved with that group of people. Very nice group of people, very welcoming. So yeah, I'm here to tell you a story about where this registry stuff came from, and I'm going to make a prediction. But first, I'm sponsoring the lunch today, so I'll keep this up for a second if you want to QR code me and check out my website. I'll leave it for one more second. Hope you enjoy the lunch. So yeah, today I'm going to make a prediction about the future, but I don't think it's too crazy, and that is that by 2021, OCI distribution will become the standard for sharing things cloud native, such as Helm charts. I don't think that's too bold, since it's "cloud native" in there, but I can see in 2021 a lot of other things going this direction as well.

So the title of this talk is "ChartMuseum to Harbor", but really what it should be is "How do we go from the Rube Goldberg machine to OCI spec", but we'll get back to that in a second. If you're asking what's OCI, I will get back to that in a second. So what is ChartMuseum, for those that have not heard of it?

Lots of companies are using this as a more advanced chart solution to build sort of a platform as a service behind the scenes, and it has all sorts of different features. If you want more information, there's a website, chartmuseum.com, but github.com/helm/chartmuseum. But if you've seen any of the other talks about chart repos, this is a very simple way to run a chart repo. So this is an anonymous quote.

When it started to pop up that chart repos were not kind of enough to cut it, so early 2017, this is before I had even used Kubernetes, to be honest, the Quay team released a called App Registry. An App Registry was sort of a layer that was on top of a Docker registry that let you push things such as Helm charts, and at the same time they released a Helm plugin, so you could do helm registry XYZ and do things just like Docker. So this idea has actually been around since the beginning of 2017, and only now are we really starting to see traction. So it's kind of, I don't know, it's funny like that. But it's worth mentioning that the originators of this entire concept is Quay and CoreOS, and Antoine, who I think is the original developer, and Jimmy, who I believe is here.

We're kind of spearheading this project, talking to SIG Apps and the Helm maintainers about potentially making this an official, more official way to do things with Helm, and this is a screenshot of what that looks like. So it looks similar to like a Docker Hub, right, or like Quay, like you can see the chart in a registry. Fast forward a little bit. So a year ago, a little more than a year ago, the first Helm Summit, Ankush, who's from JFrog, he gave a talk about the simplicity of chart repos.

They use a file called index.yaml, which lists every single chart in the repo, and he did this ridiculous experiment where, if you put 50,000 charts in a repo, your computer explodes. But that led us down a rabbit hole. Matt Farina, one of the core maintainers, put this huge, in-depth proposal on the Helm community about solving this specific issue, but it did not solve every single issue. So towards the end of 2018, I decided, since I was sort of at this intersection of all these things going on with maintaining ChartMuseum, I would start having these weekly meetings, pulling in people such as Antoine, Jimmy, Ankush, Matt Farina and all the people who have been involved in this discussion.

And we started asking ourselves: how can we do fine-grained authorization? So if you do a helm repo add this thing, you see everyone's charts in your organization, right? Compare that to Docker, where you don't know what's in the registry, you pull what you know you're getting, so you have this fine-grained authorization model. And then another thing is: how do we enable chart uploads? So one of the things people love about Docker is you can do docker push and your thing's in the registry, docker pull and you can get that thing out, right? And this is something that App Registry did off the bat, but we're talking about how do we make this part of Helm. And then there was a historical event in the world of the cloud.

If you're part of this discussion, that's why this is funny to you, but he put together this really big proposal that is basically like, let's get rid of helm repo entirely and let's make Helm exactly like Docker, right? But there was so much in this proposal, and how do we make sense of it? And we had already been having conversations before he came in, and then he came in with this giant, you know, 10-file thing, so it really messed everything up, to be honest. We're in a good place now, I'll get to that in a few minutes. But this slide too, and this is another anonymous quote, this person might be in the room: this led to seemingly interminable registry discussions, with quite a deal of emotional drain on the maintainers, because every Thursday we have a call and this kept coming up, and many people were just like, I don't even know.

Somebody asked at KubeCon, "What's going to happen to the museum?", by which they meant ChartMuseum, and I responded, "I have no freaking idea." This led to more and more conversations, but we realized the proper place to have this conversation was not Helm, because the concepts that we were going about were sort of related to needing to meet a spec. So instead we started talking to OCI, and this was mainly led by Steve, with help with Jimmy, who's

This is something that, on the website, this is straight from the website: it's an open governance structure for the express purpose of creating standards around container formats and runtime. So it says nothing about Helm charts, right? So here's sort of, I had a timeline for this that had many years in it.

I was launched: hey, here's a standard API so that rkt and Docker, and you can make your own container runtime, if it matches the spec, it's supported by all of these tools that support the spec. And then let's fast forward to last year, where they already had an image spec and a runtime spec. There might be other specs, but they add what's known as the distribution spec. And so what is the distribution spec? The distribution spec is a standard for image distribution, right? So this is not

This is sort of the API for how you're pushing and pulling Docker images to the registry. It has nothing to do with how these things are stored. It's all about this PUT API to actually upload Docker images as layers, and it has all these intelligent things to resumably push and resumably pull, which is very important for containers, because they're sometimes gigabyte-plus. So just to kind of visualize this, this is a great, you know, thing I made with Google Slides. So on the bottom you have, these are all of these cloud registries, so Docker Hub being probably the most popular, you have Quay, and then the major clouds, and then Harbor, which is part of this talk. I will get into Harbor. So when you do a docker push to any one of these registries, this is what we're talking about as the OCI distribution spec. So it is the actual API that you're using to do these uploads, right, and downloads.

How do we use this spec? Even though it says Open Container Initiative, this is a really great API for generalized pushing and pulling of stuff, right? What I didn't mention before, I think it was on the slide, but this API was actually taken from the Docker registry project and put in another repo, and that was the spec, and now it's evolving from there. But the solution to this, which was sort of spearheaded by Steve's team, was the ORAS project, which stands for OCI Registry As Storage. So this came

So, if you're super interested in that, I'm actually giving a workshop at, how do you convert that, that's 2:35? And if you want to take a picture of this, this is actually on the Helm docs, of every single way you can actually work with these tools or work with these commands, but I'm actually going to go into all of those in the workshop.

So this is great, like it actually is really great. We can now from Helm push charts in an OCI-compliant way up to a registry, but then the question becomes: great, I can push things, but where do I push them to? And that's sort of a complicated question. So Steve is the, I believe that title is project or product owner, something, of the Azure Container Registry. So of course this was supported by Azure's container registry out of the box, right? But what we're seeing is that the ORAS way of doing things is not necessarily fully OCI-supported yet. So there's this whole conversation going on, I'll get to that in a little bit, but basically all these other hubs, such as Amazon's registry, Docker Hub, they're not going to pull the trigger on this until OCI agrees that this is the way to do it, right? So this is why we said this is experimental. Once OCI puts down the hammer, this is, ORAS is the way, or some other way that's similar or completely different.

But for now, I mean, you can push to ACR. I believe you can push to GitLab, but then it doesn't show up in the UI, and then there's a few other ones that have this thing where, like, you can push and pull it, like it works from the API, but you have no user experience about it. And then there's other ones like Amazon ECR, which just completely block anything that's not a container image.

So this is going to be your simplest option, I'm going to go into this in depth in the workshop. So Docker Distribution, you may also know it as the Docker registry. It adheres to the spec because the damn spec was based on it. It has all sorts of different configs, an S3 bucket and Google bucket, all these different types of things. It's pretty interesting that it doesn't use a relational database, so it works with object storage in a very interesting way, but the most important part is this final

The extension is .bar, and I've actually run a script that has exported every single chart from Helm Hub and pushed it into the registry, and you can now download these charts from bundle.bar. They may be a little outdated, I still need to do some automation, but you can start playing with it. If you want a registry to play with, you can use bundle.bar. So that's great, but when we're talking about registries, there's a few other questions that come up. So how do you scan for vulnerabilities?

How do we integrate, like when you do a docker login, how does that turn into my GitHub credentials or to my Google credentials? SSO. How do we replicate these things? So if you're talking about like deploying your application across the world, we want to have one version in Ireland, one version in the States, maybe decided you replication. And then how do you get a nice, pretty user interface for people who are tired of using the terminal? But this doesn't really mean much for charts right now, a lot of it. Content trust

There's someone in the community named Radu who's really looking into this for charts, but scanning and things like this, we're trying to figure out what that even means, and maybe it means looking at the chart, looking at the images that are referenced in the chart and looking for CVEs in those. But so to solve those problems, there is a project called Project Harbor. So Harbor is the second, I would say, primary way that you could run this open source, and it gives you a little bit more than Docker Distribution, so Docker or Harbor.

It has hooks into OIDC and LDAP, and it actually, it's kind of funny that we're having this conversation, it actually ships with a version of ChartMuseum as a back-end, and you can actually do helm push via the ChartMuseum API, but we're trying to get away from that. So this is how you might deploy Harbor into a cluster with the default settings. Harbor has its own Helm chart repository: add the Harbor Helm chart repository, harbor/harbor, and you can see

But yeah, I mean, the main thing is core. Core is sort of a shim layer for everything. So if you want to get into the UI or the registry, you're going through core. If you've deployed that with that command, I'm gonna post these slides on the Sched in a bit. If you deployed that with the command, it doesn't expose a service, or like a public service, rather. So if you want, you can run these grep aux stuff and open up in a DAT and starts with these super secure default default.

So unfortunately, Harbor doesn't accept Helm charts at the moment by default, so I have a fork under bloodorangeio that just takes out all this validation. It's totally not the right way to do it, but we need to be working with the Harbor team and figuring this out, but this allows getting any type of content in. And then this bottom section is: give me a DNS, give me a TLS cert from Let's Encrypt via cert-manager, and with the 1m you can actually, through the ingress, say only allow one-megabyte things. Helm charts shouldn't be more than a megabyte anyway. So yeah, using that file back here, you would basically do the same install, which is what these extras, and now this is what it might look like if you have a deployed version of Harbor. So I have a, it's actually at Helm Summit EU, you can go to it right now. This is what it looks like from the Helm

We need to work on integrating the rest of the registry system with things like helm install, helm upgrade, and there's all sorts of places where repos are sort of a first-class citizen, and we need to make registries a first-class citizen. But the most important thing really is that the OCI Artifacts project, which is a brand-new project based on the pressure of all of this new stuff, this is a brand-new project that's like day one almost. There are going to be conversations about putting the artifacts stuff into a spec, and then from there ORAS will meet the spec, and then therefore Helm will meet the spec. But, most importantly, we need your help. So we want you to use this stuff and break it and fix it and submit a PR, and then we don't have to do anything.