Denodo Container Registry Quick Start Guide
Denodo offers an artifact registry service with repositories for Denodo Platform container images and Denodo Helm Charts.
This registry service is based on Harbor.
This registry is accessible for people with a Denodo Community Account.
Registries and Repositories
The name of the registry server is harbor.open.denodo.com
There are several project registries based on Denodo Platform versions:
And there can be several image repositories for each project registry, one per containerized application.
Artifact tag names are following Semantic Versioning (SemVer 2) patterns but adapted to the limitations imposed by the Docker specifications for image tags. For example, “+” is not allowed and “-” is used instead.
Finally, the container registry will also host Helm charts as OCI artifacts, so naming policies for chart repositories and version tags will be the same used for container images.
Helm Charts examples:
If you are a customer with a Denodo Support Plan and Denodo Support generates a custom image with a Denodo Hotfix, you will have access to that image through a specific repository that Denodo Support will reference to you.
Hotfix Container examples:
Working with Web Interface
With your Denodo Account you can sign in https://harbor.open.denodo.com to navigate the repositories available to you and to download the artifacts there.
Use the Login via OIDC Provider button that appears on the Harbor login page.
Browsing Registries and Repositories
After logging in, you enter in the Projects page where you can browse the list of registries of images and charts available according to your permissions (each project is equivalent to a registry).
Then you can click on one of the projects available to see the list of repositories available there.
Browsing Images and Helm Charts
Once you select a project (registry), you can click on Repositories to browse the different folders with images or charts. Click on one of these repositories to get access to the list of artifacts for that repository (the different container or chart versions).
If you click on a specific Artifact you will be able to see detailed information about it. In the case that the artifact that you are examining is a Helm Chart you will be able to see the contents of the README.md file for that Chart.
Working with Docker, Kubernetes and Helm CLIs
Create a CLI Secret
To be able to do so, the registry provides a CLI secret for use when logging in from Docker or Helm.
To create the secret click your username at the top of the screen and select User Profile.
Then generate (click on the ... icon) and/or copy your CLI secret.
NOTICE: A user can only have one CLI secret, so when a new secret is generated or created, the old one becomes invalid.
NOTICE: the user profile fields cannot be updated because users are automatically provisioned to use Denodo Community Account Single Sign On (SSO).
Authenticate in Docker CLI with the CLI Secret
Use docker login and provide the credentials.
docker login harbor.open.denodo.com
Authenticate in Kubernetes CLI with the CLI Secret
First you need to create a secret with the provided credentials.
kubectl create secret docker-registry harbor-registry-secret \
After the secret has been created you need to include the harbor-registry-secret name on the imagePullSecrets property of the Pod spec following standard Kubernetes documentation.
Authenticate in Helm CLI with the CLI Secret
The Denodo container registry stores Helm charts as OCI artifacts, so you need to use the command helm registry login and provide the credentials.
helm registry login harbor.open.denodo.com
CLI Secret Expiration
Take into account that the CLI secret is associated with the session token of your Denodo Account. The registry will try to refresh the token, so the CLI secret will be valid after the token expires.
However, if the Denodo Account service does not provide a refresh token or the refresh fails, the CLI secret becomes invalid. In this case, log out and log back in to the registry via your Denodo Account so that the registry can get a new token. The CLI secret will then work again.