Tag overlap in OCI artifacts

Hi, we would like to start pushing OCI artifacts (Helm charts) to DockerHub. We already have several container images published under an organization (Bitnami org), and we would like to push the OCI Helm charts under the same organization. This seems to work fine although the container image and the Helm chart are sharing the same repository, but there is an issue (:warning:) when the container image tag and the OCI Helm chart tag are the same.

In that case, both tags can’t coexist so the latest pushed one will override the already existing one. Let’s see an example:

In the case of bitnami/apache we have a single repository for the two kinds of artifacts (Container image and Helm chart):

The problem is that when using the same tag for both artifacts kinds only the latest one will survive, being the previous one overridden. If we push the Helm chart with the same tag used previously by a container image, it will be overridden and the Docker CLI won’t understand it:

$ docker pull bitnami/apache:2.4.54
2.4.54: Pulling from bitnami/apache
ebb9b49c0132: Pulling fs layer
invalid rootfs in image configuration

Pushing the container image again, the tag is overridden and Docker can pull it without any issue, but this time it’s Helm who doesn’t understand it.

:question: Is there any way for coexistent tags? What do you think could be a solution/workaround for this issue?

Thanks

In different OCI registries, it is possible to have nested paths, so we are able to push container images to bitnami/containers/foo and Helm charts to bitnami/charts/foo so tags won’t collide.
Is this an alternative under the same organization? We know that creating a different org can solve this issue, but we would like to keep everything under the same org because of several reasons (verified publisher, rate limits, etc)

You can use the same tag for a container image’s different architecture, but I don’t think you could use the same tag for a Helm chart.

Sometimes I could use a feature like that on Docker Hub that if it existed. I use it for my local builds. For now, we could use dashes like

bitnami/apache
bitnami/apache-helm
# or
bitnam/helm-apache

I can understand it is not as good as using slashes so you could ask for that feature in the roadmap.

It would probably take time for Docker to discuss it, accept and implement it.

The best would be if different type of objects would not override eachother and we could not docker pull a helm chart. I don’t know if it could be possible in the future.

1 Like

Thank you very much for the detailed explanation.

That would be a valid workaround, the problem is that the OCI Helm chart base name (and tag) can’t be manually customized, they are obtained from the Helm chart metadata:

The registry reference basename is inferred from the chart’s name, and the tag is inferred from the chart’s semantic version. This is currently a strict requirement.

(Helm | Use OCI-based registries)

Definitely, that would be the best option by far, but it seems it is not something to be expected in the short term.