Push Image or Chart to the Registry#

Helm* charts are pushed using the helm push command.

Docker* images are pushed using the docker push command.

To push to the Internal Harbor registry, it is first necessary to retrieve a CLI password through the Internal Harbor web UI. This UI can also provide hints on how to push and pull from the registry using these commands.

Other registries may be managed outside of the Edge Orchestrator service, and may require different credentials or methods to push images or charts. Contact the registry owner for more details.

Procedure#

To login to the Internal Harbor registry, follow these steps:

  1. In a web browser navigate to the Internal Harbor registry URL (for example, https://registry-oci.<CLUSTER_FQDN>).

  2. At the Registry login page choose “Login with IAM” with a user that either has:

    • the group <project-id>_Edge-Manager-Group (gives read-write access)

    • or <project-id>_Edge-Operator-Group (gives read-only access).

  3. This will give access to the private Harbor Projects corresponding to the multi-tenancy projects that the user has access to in the Edge Orchestrator. The Harbor Project name is constructed like catalog-apps-<org-id>-<project-id>.

  4. Click on the project name to access the Harbor project.

  5. Click on the PUSH COMMAND button to see the commands to push an image or chart.

  6. Click on the User Profile icon in the top right corner and copy the CLI Secret.

  7. In a terminal window, use the command-line login to Helm with the username and CLI secret (as password, when prompted):

    helm registry login registry-oci.${CLUSTER_FQDN} -u <username>

  8. Login to Docker with the username and CLI secret (as password, when prompted):

    docker login registry-oci.${CLUSTER_FQDN} -u <username>

  9. Push the image or chart to the registry using the command provided in the Harbor UI.

Note

See an example of this procedure in action in Deployment Example.

If the push process fails, contact a system administrator to check the following:

  • If the registry has the workspace/directory (for example, Project in Harbor).

  • The account has the right permission.

Also, if you push a new container image with the same image name, the existing image could be overwritten with the new image. Intel recommends setting the image tag with the unique version to avoid this issue.