github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/docs/site/src/zh/advanced/save-charts-package.md (about) 1 # Save helm chart package 2 3 Sealer support to save raw helm chart package to cloud image as oci format. with this feature, we can pull the helm 4 chart package in other offline production environment. 5 6 ## Prerequisites 7 8 Prepare two nodes named the build node and the run node. At the same time need to install sealer and helm on it. 9 10 ## Examples 11 12 ### On the build node. 13 14 #### Start docker registry to save helm chart package. 15 16 start docker registry to transfer helm chart package to oci format. 17 18 ```shell 19 docker run -p 5000:5000 --restart=always --name registry -v /registry/:/var/lib/registry -d registry 20 ``` 21 22 use helm push to save helm chart package to registry. 23 24 ```shell 25 export HELM_EXPERIMENTAL_OCI=1 26 helm push mysql-8.8.25.tgz oci://localhost:5000/helm-charts 27 ``` 28 29 #### Use sealer build to save helm chart package from local registry to cloud image. 30 31 Prepare Kubefile: 32 33 ```shell 34 [root@iZbp16ikro46xwgqzij67sZ build]# cat Kubefile 35 FROM kubernetes:v1.19.8 36 COPY imageList manifests 37 ``` 38 39 Prepare imageList file: 40 41 ```shell 42 [root@iZbp16ikro46xwgqzij67sZ build]# cat imageList 43 localhost:5000/helm-charts/mysql:8.8.25 44 localhost:5000/helm-charts/nginx:9.8.0 45 ``` 46 47 Then run `sealer build -t my-kubernetes:v1.19.8 -f Kubefile .`and we can 48 use `sealer save my-kubernetes:v1.19.8 -o my-kubernetes.tar` to save the image to the local filesystem. 49 50 ### On the run node. 51 52 load the image `my-kubernetes.tar` from the build node use `sealer load -i my-kubernetes.tar`. 53 54 #### Use sealer run to start the cluster 55 56 ```shell 57 sealer run -d my-kubernetes:v1.19.8 -p password -m 172.16.0.230 58 ``` 59 60 #### Pull Helm chart on the run node. 61 62 When the cluster is up, we can pull the helm chart package use helm pull: 63 64 ```shell 65 export HELM_EXPERIMENTAL_OCI=1 66 helm pull oci://sea.hub:5000/helm-charts/mysql --version 8.8.25 67 ``` 68 69 ## Save ACR chart 70 71 Example to pull `chart-registry.cn-shanghai.cr.aliyuncs.com/aliyun-inc.com/elasticsearch:1.0.1-elasticsearch.elasticsearch` chart. 72 73 1. Login your ACR registry 74 75 ```shell script 76 sealer login sealer login chart-registry.cn-shanghai.cr.aliyuncs.com \ 77 --username cnx-platform@prod.trusteeship.aliyunid.com --passwd xxx 78 ``` 79 80 2. Create Kubefile and imageList 81 82 ```shell script 83 [root@iZ2zeasfsez3jrior15rpbZ chart]# cat imageList 84 chart-registry.cn-shanghai.cr.aliyuncs.com/aliyun-inc.com/elasticsearch:1.0.1-elasticsearch.elasticsearch 85 [root@iZ2zeasfsez3jrior15rpbZ chart]# cat Kubefile 86 FROM kubernetes:v1.19.8 87 COPY imageList manifests 88 ``` 89 90 3. Build CloudImage and save ACR remote chart to local registry 91 92 ```shell script 93 sealer build -t chart:latest . 94 ``` 95 96 4. Run a cluster 97 98 ```shell script 99 sealer run chart:latest -m x.x.x.x -p xxx 100 ``` 101 102 5. Try to pull chart using helm from local registry 103 104 ```shell script 105 [root@iZ2zeasfsez3jrior15rpbZ certs]# helm pull oci://sea.hub:5000/aliyun-inc.com/elasticsearch --version 1.0.1-elasticsearch.elasticsearch 106 Warning: chart media type application/tar+gzip is deprecated 107 Pulled: sea.hub:5000/aliyun-inc.com/elasticsearch:1.0.1-elasticsearch.elasticsearch 108 Digest: sha256:c247fd56b985cfa4ad58c8697dc867a69ee1861a1a625b96a7b9d78ed5d9df95 109 [root@iZ2zeasfsez3jrior15rpbZ certs]# ls 110 elasticsearch-1.0.1-elasticsearch.elasticsearch.tgz 111 ``` 112 113 If you got `Error: failed to do request: Head "https://sea.hub:5000/v2/aliyun-inc.com/elasticsearch/manifests/1.0.1-elasticsearch.elasticsearch": x509: certificate signed by unknown authority 114 ` error, trust registry cert on your host: 115 116 ```shell script 117 cp /var/lib/sealer/data/my-cluster/certs/sea.hub.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust extract 118 ```