[ALL CHARTS] publish Prometheus community charts to OCI registry

[scottrigby]

Is your feature request related to a problem ?

This January Helm completed and released full OCI support, moving OCI from experimental to a fully supported feature. Since then users have been able to install Helm charts completely from OCI rather than only from Helm HTTP repos.

However, Prometheus community Helm chart users are not able to pull or install Prometheus charts using Helm's OCI registry support, because they are not yet published to a registry.

Additionally, OCI method can reduce memory usage for users installing charts using an agent in the cloud rather than running the Helm client on their local machine, such as Flux. This is especially true of Helm repos with many charts, such as this Prometheus community charts repo, which contains over 30 charts. In a similarly large Helm repo, Bitnami has recently removed all Helm chart package versions older than six months from their repository because the index file has become too large to support all past versions.

Describe the solution you'd like.

Publish all existing Prometheus community chart package versions to an OCI registry.

• GitHub Packages on ghcr.io would be the easiest way to set this up
• Community Flux charts publish to ghcr.io. We have automation set up for this, which we can emulate
• As an admin of this Prometheus community charts repo, and also as a Helm and Flux maintainer, I can help set this up here as well
• The additional OCI support here will not affect the existing HTTP Helm repo support users currently depend on. It will just give those and other users another option to use OCI as well or as a replacement

Describe alternatives you've considered.

We could publish to some other OCI registry, or not publish at all.
If we don't at all, I think the most likely scenario is someone else will fork and set it up on their own.
I believe it will be better to support this here, so all packages are connected to one Git repo.

Additional context.

I don't imagine any objection here. Mainly opening this issue to track the work and for transparency. Will keep status updated here 💖

[monotek]

No objections as long as we run both in parallel at least for a while :)

We migth use something like: https://github.com/appany/helm-oci-chart-releaser
Just need to check how we can add all exisitng charts, but should be scriptable.
Not sure if the old release timestamp can be used though.

[scottrigby]

@monotek 👋

No objections as long as we run both in parallel at least for a while :)

Agreed 👍

We migth use something like: https://github.com/appany/helm-oci-chart-releaser

had a look at that action. It requires adding config for each chart, which I think is not ideal. But even less ideal is it requires updating action config every time you update a chart version - individually inputting each new chart version of each chart in the workflow config. I think that won't fit the needs of this repo.

Just need to check how we can add all existing charts, but should be scriptable.

Yes adding all existing Prometheus community Helm package versions can definitely be scripted. We did a similar thing for the now archived helm/stable and helm/incubator repos using a tool I wrote (https://github.com/scottrigby/helm-adopt-package-history). That tool currently only supports HTTP Helm repos, but I think we can pretty easily add OCI push support as well. Or really whatever tool works in a foolproof and verifiable way.

Not sure if the old release timestamp can be used though.

This can be done for images with OCI metadata. Will have to look into the best way to do this with OCI artifacts according to distribution spec. Let's just make sure this is considered before copying previous chart package versions to the OCI registry.

[monotek]

had a look at that action. It requires adding config for each chart, which I think is not ideal. But even less ideal is it requires updating action config every time you update a chart version - individually inputting each new chart version of each chart in the workflow config. I think that won't fit the needs of this repo.

My favoutrite solution would also be that the ct / chart releaser action would be extendet to support oci releases too.
Not sure if it's worth to wait. There are at least issues available discussing it (helm/chart-releaser-action#107 & helm/chart-releaser#183).

[jkroepke]

Does someone not that all current releases are failing to ghcr.io with 403 forbidden?

[onedr0p]

Yea, it looks like the new versions of OCI charts have stopped being released.

[monotek]

@scottrigby
i rather would remove oci releases now as it does not work reliable.