diff --git a/blog/1.0.0-released/ah-on-ah.png b/blog/1.0.0-released/ah-on-ah.png new file mode 100644 index 0000000..cf18b00 Binary files /dev/null and b/blog/1.0.0-released/ah-on-ah.png differ diff --git a/blog/1.0.0-released/ah.png b/blog/1.0.0-released/ah.png new file mode 100644 index 0000000..3bc802b Binary files /dev/null and b/blog/1.0.0-released/ah.png differ diff --git a/blog/1.0.0-released/index.html b/blog/1.0.0-released/index.html new file mode 100644 index 0000000..e5ed2e1 --- /dev/null +++ b/blog/1.0.0-released/index.html @@ -0,0 +1,2 @@ +1.0.0 Released | Artifact Hub Blog
Artifact Hub Blog

1.0.0 Released

By Matt Farina on +June 23, 2021

We’re happy to announce the release of Artifact Hub 1.0.0.

Artifact Hub

Artifact Hub is more than a website where you can search for cloud native packages. The software that powers the Artifact Hub is open source and can be run by anyone.

The Artifact Hub website has a listing for the Artifact Hub software with directions on how you can install it. The Artifact Hub listing on the Artifact Hub also services as an example of what a listing can display.

Artifact Hub

If you need a software to display your Helm charts, operators, or one of the other many things the Artifact Hub supports you can now use a stable release of the Artifact Hub to do so.

\ No newline at end of file diff --git a/blog/index.html b/blog/index.html index fc458cb..471a944 100644 --- a/blog/index.html +++ b/blog/index.html @@ -1,4 +1,5 @@ -Blogs | Artifact Hub Blog
Artifact Hub Blog

Embed Artifact Details On Your Site

By Matt Farina on +Blogs | Artifact Hub Blog
Artifact Hub Blog

1.0.0 Released

By Matt Farina on +June 23, 2021

We’re happy to announce the release of Artifact Hub 1.0.0.

Artifact Hub

Artifact Hub is more than a website where you can search for cloud native packages. The software that powers the Artifact Hub is open source and can be run by anyone.

Read full post

Embed Artifact Details On Your Site

By Matt Farina on May 18, 2021

Embedded Packages

Ever want to show off a package from the Artifact Hub on a website? I know I’ve thought about putting one in the sidebar of a website. Artifact Hub now makes that easy with a widget you can embed. The above image displays various configurations of the widget you can get from Artifact Hub.

Read full post

Verified Publishers and Official Status

By Matt Farina on February 24, 2021

Ever wonder if you are getting a package for a piece of software from the developer of that software? Or, have you ever wondered if the person who listed a repository or package on the Artifact Hub owns it? If you have, than you’re in luck. The Artifact Hub has badges that can answer those questions for you.

Read full post

Helm Values Schema Reference

By Matt Farina on February 10, 2021

Helm v3 introduced schemas for values. The schemas are written as JSON Schemas and put in a chart in a file named values.schema.json that goes right alongside values.yaml files. Wouldn’t it be great if there was a way to easily use these files to understand the values in a chart? Artifact Hub provides just that with its Values Schema Reference.

Read full post

Discover Tekton Tasks

By Matt Farina on diff --git a/blog/index.xml b/blog/index.xml index 29136c3..67241b6 100644 --- a/blog/index.xml +++ b/blog/index.xml @@ -1,3 +1,5 @@ -Blogs on Artifact Hub Bloghttps://blog.artifacthub.io/blog/Recent content in Blogs on Artifact Hub BlogHugo -- gohugo.ioen-usTue, 18 May 2021 00:00:00 -0500Embed Artifact Details On Your Sitehttps://blog.artifacthub.io/blog/embed-widget/Tue, 18 May 2021 00:00:00 -0500https://blog.artifacthub.io/blog/embed-widget/<p><img src="https://blog.artifacthub.io/blog/embed-widget/embed.png" alt="Embedded Packages" /></p> +Blogs on Artifact Hub Bloghttps://blog.artifacthub.io/blog/Recent content in Blogs on Artifact Hub BlogHugo -- gohugo.ioen-usWed, 23 Jun 2021 00:00:00 -05001.0.0 Releasedhttps://blog.artifacthub.io/blog/1.0.0-released/Wed, 23 Jun 2021 00:00:00 -0500https://blog.artifacthub.io/blog/1.0.0-released/<p>We&rsquo;re happy to announce the release of <a href="https://github.com/artifacthub/hub/releases/tag/v1.0.0">Artifact Hub 1.0.0</a>.</p> +<p><img src="https://blog.artifacthub.io/blog/1.0.0-released/ah.png" alt="Artifact Hub" /></p> +<p>Artifact Hub is more than a website where you can search for cloud native packages. The software that powers the Artifact Hub is open source and can be run by anyone.</p>Embed Artifact Details On Your Sitehttps://blog.artifacthub.io/blog/embed-widget/Tue, 18 May 2021 00:00:00 -0500https://blog.artifacthub.io/blog/embed-widget/<p><img src="https://blog.artifacthub.io/blog/embed-widget/embed.png" alt="Embedded Packages" /></p> <p>Ever want to show off a package from the Artifact Hub on a website? I know I&rsquo;ve thought about putting one in the sidebar of a website. Artifact Hub now makes that easy with a widget you can embed. The above image displays various configurations of the widget you can get from Artifact Hub.</p>Verified Publishers and Official Statushttps://blog.artifacthub.io/blog/verified-and-official-repos/Wed, 24 Feb 2021 00:00:00 -0500https://blog.artifacthub.io/blog/verified-and-official-repos/<p>Ever wonder if you are getting a package for a piece of software from the developer of that software? Or, have you ever wondered if the person who listed a repository or package on the Artifact Hub owns it? If you have, than you&rsquo;re in luck. The Artifact Hub has badges that can answer those questions for you.</p>Helm Values Schema Referencehttps://blog.artifacthub.io/blog/helm-values-schema-reference/Wed, 10 Feb 2021 00:00:00 -0500https://blog.artifacthub.io/blog/helm-values-schema-reference/<p>Helm v3 introduced <a href="https://helm.sh/docs/topics/charts/#schema-files">schemas for values</a>. The schemas are written as JSON Schemas and put in a chart in a file named <code>values.schema.json</code> that goes right alongside <code>values.yaml</code> files. Wouldn&rsquo;t it be great if there was a way to easily use these files to understand the values in a chart? Artifact Hub provides just that with its Values Schema Reference.</p>Discover Tekton Taskshttps://blog.artifacthub.io/blog/discover-tekton-tasks/Thu, 28 Jan 2021 00:00:00 -0500https://blog.artifacthub.io/blog/discover-tekton-tasks/<p>Artifact Hub has already provided search and discovery for Helm charts, OLM based operators, Falco rules, OPA policies, Tinkerbell actions, Krew (kubectl) plugins, and Helm plugins. These are all <a href="https://www.cncf.io/">CNCF</a> project related artifacts. We are happy to share that we have expanded beyond the CNCF to support another non-profit foundation based project with support for <a href="https://tekton.dev/">Tekton</a> tasks.</p>Container Image Scanninghttps://blog.artifacthub.io/blog/container-image-scanning/Wed, 13 Jan 2021 09:00:00 -0500https://blog.artifacthub.io/blog/container-image-scanning/<p>When trying to make a decision about which artifacts to use it&rsquo;s useful to know some information about the security of the artifact. With Artifact Hub, it&rsquo;s possible to see security scans for container based artifacts such as Operator Framework OLM based operators, some Helm Charts, OPA Policies, and Tinkerbell actions.</p>What Is The Artifact Hub?https://blog.artifacthub.io/blog/what-is-artifacthub/Wed, 02 Dec 2020 09:00:00 -0500https://blog.artifacthub.io/blog/what-is-artifacthub/Finding cloud native artifacts on the Internet can be difficult. When we talk about artifacts we mean things like Helm charts, Kubernetes operators, Falco rules, and Open Policy Agent (OPA) policies. If you use a search engine to look for them the results will be mixed with articles, documentation, and discussion. This experience is far from ideal if you want to find a package or tool to install. This has lead to the rise of Hubs like the Helm Hub (which now redirects to the Artifact Hub) and Operator Hub. \ No newline at end of file diff --git a/index.html b/index.html index b440298..3abe2cf 100644 --- a/index.html +++ b/index.html @@ -1,4 +1,5 @@ -Artifact Hub Blog | Artifact Hub Blog
Artifact Hub Blog

Embed Artifact Details On Your Site

By Matt Farina on +Artifact Hub Blog | Artifact Hub Blog
Artifact Hub Blog

1.0.0 Released

By Matt Farina on +June 23, 2021

We’re happy to announce the release of Artifact Hub 1.0.0.

Artifact Hub

Artifact Hub is more than a website where you can search for cloud native packages. The software that powers the Artifact Hub is open source and can be run by anyone.

Read full post

Embed Artifact Details On Your Site

By Matt Farina on May 18, 2021

Embedded Packages

Ever want to show off a package from the Artifact Hub on a website? I know I’ve thought about putting one in the sidebar of a website. Artifact Hub now makes that easy with a widget you can embed. The above image displays various configurations of the widget you can get from Artifact Hub.

Read full post

Verified Publishers and Official Status

By Matt Farina on February 24, 2021

Ever wonder if you are getting a package for a piece of software from the developer of that software? Or, have you ever wondered if the person who listed a repository or package on the Artifact Hub owns it? If you have, than you’re in luck. The Artifact Hub has badges that can answer those questions for you.

Read full post

Helm Values Schema Reference

By Matt Farina on February 10, 2021

Helm v3 introduced schemas for values. The schemas are written as JSON Schemas and put in a chart in a file named values.schema.json that goes right alongside values.yaml files. Wouldn’t it be great if there was a way to easily use these files to understand the values in a chart? Artifact Hub provides just that with its Values Schema Reference.

Read full post

Discover Tekton Tasks

By Matt Farina on diff --git a/index.xml b/index.xml index 8ae04bf..740fb39 100644 --- a/index.xml +++ b/index.xml @@ -1,3 +1,5 @@ -Artifact Hub Bloghttps://blog.artifacthub.io/Recent content on Artifact Hub BlogHugo -- gohugo.ioen-usTue, 18 May 2021 00:00:00 -0500Embed Artifact Details On Your Sitehttps://blog.artifacthub.io/blog/embed-widget/Tue, 18 May 2021 00:00:00 -0500https://blog.artifacthub.io/blog/embed-widget/<p><img src="https://blog.artifacthub.io/blog/embed-widget/embed.png" alt="Embedded Packages" /></p> +Artifact Hub Bloghttps://blog.artifacthub.io/Recent content on Artifact Hub BlogHugo -- gohugo.ioen-usWed, 23 Jun 2021 00:00:00 -05001.0.0 Releasedhttps://blog.artifacthub.io/blog/1.0.0-released/Wed, 23 Jun 2021 00:00:00 -0500https://blog.artifacthub.io/blog/1.0.0-released/<p>We&rsquo;re happy to announce the release of <a href="https://github.com/artifacthub/hub/releases/tag/v1.0.0">Artifact Hub 1.0.0</a>.</p> +<p><img src="https://blog.artifacthub.io/blog/1.0.0-released/ah.png" alt="Artifact Hub" /></p> +<p>Artifact Hub is more than a website where you can search for cloud native packages. The software that powers the Artifact Hub is open source and can be run by anyone.</p>Embed Artifact Details On Your Sitehttps://blog.artifacthub.io/blog/embed-widget/Tue, 18 May 2021 00:00:00 -0500https://blog.artifacthub.io/blog/embed-widget/<p><img src="https://blog.artifacthub.io/blog/embed-widget/embed.png" alt="Embedded Packages" /></p> <p>Ever want to show off a package from the Artifact Hub on a website? I know I&rsquo;ve thought about putting one in the sidebar of a website. Artifact Hub now makes that easy with a widget you can embed. The above image displays various configurations of the widget you can get from Artifact Hub.</p>Verified Publishers and Official Statushttps://blog.artifacthub.io/blog/verified-and-official-repos/Wed, 24 Feb 2021 00:00:00 -0500https://blog.artifacthub.io/blog/verified-and-official-repos/<p>Ever wonder if you are getting a package for a piece of software from the developer of that software? Or, have you ever wondered if the person who listed a repository or package on the Artifact Hub owns it? If you have, than you&rsquo;re in luck. The Artifact Hub has badges that can answer those questions for you.</p>Helm Values Schema Referencehttps://blog.artifacthub.io/blog/helm-values-schema-reference/Wed, 10 Feb 2021 00:00:00 -0500https://blog.artifacthub.io/blog/helm-values-schema-reference/<p>Helm v3 introduced <a href="https://helm.sh/docs/topics/charts/#schema-files">schemas for values</a>. The schemas are written as JSON Schemas and put in a chart in a file named <code>values.schema.json</code> that goes right alongside <code>values.yaml</code> files. Wouldn&rsquo;t it be great if there was a way to easily use these files to understand the values in a chart? Artifact Hub provides just that with its Values Schema Reference.</p>Discover Tekton Taskshttps://blog.artifacthub.io/blog/discover-tekton-tasks/Thu, 28 Jan 2021 00:00:00 -0500https://blog.artifacthub.io/blog/discover-tekton-tasks/<p>Artifact Hub has already provided search and discovery for Helm charts, OLM based operators, Falco rules, OPA policies, Tinkerbell actions, Krew (kubectl) plugins, and Helm plugins. These are all <a href="https://www.cncf.io/">CNCF</a> project related artifacts. We are happy to share that we have expanded beyond the CNCF to support another non-profit foundation based project with support for <a href="https://tekton.dev/">Tekton</a> tasks.</p>Container Image Scanninghttps://blog.artifacthub.io/blog/container-image-scanning/Wed, 13 Jan 2021 09:00:00 -0500https://blog.artifacthub.io/blog/container-image-scanning/<p>When trying to make a decision about which artifacts to use it&rsquo;s useful to know some information about the security of the artifact. With Artifact Hub, it&rsquo;s possible to see security scans for container based artifacts such as Operator Framework OLM based operators, some Helm Charts, OPA Policies, and Tinkerbell actions.</p>What Is The Artifact Hub?https://blog.artifacthub.io/blog/what-is-artifacthub/Wed, 02 Dec 2020 09:00:00 -0500https://blog.artifacthub.io/blog/what-is-artifacthub/Finding cloud native artifacts on the Internet can be difficult. When we talk about artifacts we mean things like Helm charts, Kubernetes operators, Falco rules, and Open Policy Agent (OPA) policies. If you use a search engine to look for them the results will be mixed with articles, documentation, and discussion. This experience is far from ideal if you want to find a package or tool to install. This has lead to the rise of Hubs like the Helm Hub (which now redirects to the Artifact Hub) and Operator Hub. \ No newline at end of file diff --git a/js/en.search-data.min.58d4538d551ccc2f878cb6a11788257b051699dbaa28aa3af615adb7934aa303.js b/js/en.search-data.min.58d4538d551ccc2f878cb6a11788257b051699dbaa28aa3af615adb7934aa303.js deleted file mode 100644 index 47efefe..0000000 --- a/js/en.search-data.min.58d4538d551ccc2f878cb6a11788257b051699dbaa28aa3af615adb7934aa303.js +++ /dev/null @@ -1 +0,0 @@ -'use strict';(function(){const b={};b.doc={id:'id',field:['title','content'],store:['title','href']};const a=FlexSearch.create(b);window.geekdocSearchIndex=a,a.add({id:0,href:'/',title:"Artifact Hub Blog",content:""}),a.add({id:1,href:'/blog/',title:"Blogs",content:""}),a.add({id:2,href:'/blog/embed-widget/',title:"Embed Artifact Details On Your Site",content:"Ever want to show off a package from the Artifact Hub on a website? I know I\u0026rsquo;ve thought about putting one in the sidebar of a website. Artifact Hub now makes that easy with a widget you can embed. The above image displays various configurations of the widget you can get from Artifact Hub.\nGetting a widget for any packages is straight forward. When viewing a package there is a menu with three dots. Under there is an option to get the widget. The Prometheus example below shows you where the option is.\nA modal, like the one below, will pop-up with options you can use to configure the display of the widget.\n Now you can easily show off you charts, plugins, operators, actions, and more.\n"}),a.add({id:3,href:'/blog/verified-and-official-repos/',title:"Verified Publishers and Official Status",content:"Ever wonder if you are getting a package for a piece of software from the developer of that software? Or, have you ever wondered if the person who listed a repository or package on the Artifact Hub owns it? If you have, than you\u0026rsquo;re in luck. The Artifact Hub has badges that can answer those questions for you.\nVerified Publishers To illustrate this we can look at the prometheus chart as it is found in search.\nIn the lower right corner you\u0026rsquo;ll notice a badge notifying that it\u0026rsquo;s a verified publisher. When you mouse over the badge it explains that a verified publisher owns a repository.\nThe process to prove ownership and become a verified publisher is located in the Artifact Hub documentation. The gist behind it is that you need to upload a file to the repository with information signifying ownership.\nOfficial Status Official status is for repositories and packages that ship software they also develop. Prometheus coming from the Prometheus project is an example of something that can get official status while Bitnami packaging and delivering software like WordPress is not. This isn\u0026rsquo;t to say that packages from unofficial organizations can\u0026rsquo;t be excellent and trustworthy. Official status is designed to help those searching for software to be able to identify packages from software developers, if they exist.\nThe above prometheus chart example shows an official badge. When you mouse over the badge it provides some more detail about official status.\nGaining official status is more involved than having a verified repository. There are a number of requirements that need to be met including becoming a verified repository. Once the requirements are met a request needs to be submitted and someone will evaluate the setup to ensure it meets the criteria. All of this is covered in the documentation.\n"}),a.add({id:4,href:'/blog/helm-values-schema-reference/',title:"Helm Values Schema Reference",content:"Helm v3 introduced schemas for values. The schemas are written as JSON Schemas and put in a chart in a file named values.schema.json that goes right alongside values.yaml files. Wouldn\u0026rsquo;t it be great if there was a way to easily use these files to understand the values in a chart? Artifact Hub provides just that with its Values Schema Reference.\nThis image is the Values Schema Reference for the chart that installs the Artifact Hub software.\nOn the left is YAML for the values, on the right is the information from the schema lined up with the YAML on the left, and at the top is a search box with autocomplete.\nUsing this information you can learn more about any chart that provides a schema. Accessing the Values Schema Reference happens through a button in the right sidebar, when a schema is available for a chart.\n"}),a.add({id:5,href:'/blog/discover-tekton-tasks/',title:"Discover Tekton Tasks",content:"Artifact Hub has already provided search and discovery for Helm charts, OLM based operators, Falco rules, OPA policies, Tinkerbell actions, Krew (kubectl) plugins, and Helm plugins. These are all CNCF project related artifacts. We are happy to share that we have expanded beyond the CNCF to support another non-profit foundation based project with support for Tekton tasks.\nTekton is, in the words of their website:\n Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems.\n You can browse the existing Tekton tasks (as shown below) and even get your own tasks listed.\n\nTekton is a cd.foundation project. The cd.foundation is another Linux Foundation sub-foundation alongside the CNCF.\n"}),a.add({id:6,href:'/blog/container-image-scanning/',title:"Container Image Scanning",content:"When trying to make a decision about which artifacts to use it\u0026rsquo;s useful to know some information about the security of the artifact. With Artifact Hub, it\u0026rsquo;s possible to see security scans for container based artifacts such as Operator Framework OLM based operators, some Helm Charts, OPA Policies, and Tinkerbell actions.\nOLM Operators When an operator contains an image that can be scanned a grade, the last time the image was scanned, and access to the full report can be found in the sidebar. The image below for the Starboard Operator, provided by the community operators, illustrates a report without vulnerabilities.\nNote: SCRATCH images, such as those that have no underlying layers and only contain a binary, and images with the latest tag being used are not scanned.\nHelm Charts With Helm charts it is possible to opt-in to having the images scanned and a report provided just like OLM based operators. The tavern chart, seen below, provides an example that illustrates a report with no vulnerabilities. Like the OLM operators, it shows a grade, when the last scan was performed, and the ability to see the full report.\nHelm charts do not provide an easy way to obtain all of the images that could possibly be used in a chart. It\u0026rsquo;s not possible to know how to render all charts in all possible configurations to detect the images within them. To enable Artifact Hub to discover the images a chart author needs to list them in annotations within the Chart.yaml file for the chart. The following example shows the format:\nannotations: artifacthub.io/images: |- name: img1 image: repo/img1:1.0.0 - name: img2 image: repo/img2:2.0.0 You can learn more about listing images in the Helm supported annotations documentation.\nHow It Works The security report is generated using Trivy and periodic scans. The scanner checks images that have not been scanned. Images that were last scanned 7 days ago are re-scanned even when there was no change to a package. This will enable the detection of newly discovered CVEs to be shown in the report.\nSome images cannot be scanned, such as those with binaries in a scratch container or those tagged with latest. In those cases a report will not be shown.\nYou can learn more about the security report in the documentation.\n"}),a.add({id:7,href:'/blog/what-is-artifacthub/',title:"What Is The Artifact Hub?",content:"Finding cloud native artifacts on the Internet can be difficult. When we talk about artifacts we mean things like Helm charts, Kubernetes operators, Falco rules, and Open Policy Agent (OPA) policies. If you use a search engine to look for them the results will be mixed with articles, documentation, and discussion. This experience is far from ideal if you want to find a package or tool to install.\nThis has lead to the rise of Hubs like the Helm Hub (which now redirects to the Artifact Hub) and Operator Hub. These hubs made it possible to discover distributed artifacts for one project or another. These hubs improved the experience but were still missing an opportunity.\nIn November 2019, Dan Kohn brought together people from the Helm, Operator Framework, and KUDO projects to discuss the idea of one hub that would make discovery of all these things possible. This happened over lunch at CloudNativeCon/KubeCon in San Diego. It was one of the many times that Dan brought people together to try and make something happen for the broader cloud native community.\nThe Artifact Hub was born out of this idea Dan had. It has come a long way since its initial release. You can now find artifacts from various projects distributed by different people and companies all over the world. You can find projects that relate to each other. You can perform simple searches and you can apply filters. You can be notified when an artifact is updated (webhooks and email). And, so much more.\nThis blog will serve as a place you can learn about the new developments, why features were developed the way they are, and some of the existing features that are little known but useful.\n"}),a.add({id:8,href:'/categories/',title:"Categories",content:""}),a.add({id:9,href:'/tags/',title:"Tags",content:""})})() \ No newline at end of file diff --git a/js/en.search-data.min.f69bc452784b0aa3fe330a57252904762c3806a6fa407fd4a7ceb096acf3ac7b.js b/js/en.search-data.min.f69bc452784b0aa3fe330a57252904762c3806a6fa407fd4a7ceb096acf3ac7b.js new file mode 100644 index 0000000..87d2eb1 --- /dev/null +++ b/js/en.search-data.min.f69bc452784b0aa3fe330a57252904762c3806a6fa407fd4a7ceb096acf3ac7b.js @@ -0,0 +1 @@ +'use strict';(function(){const b={};b.doc={id:'id',field:['title','content'],store:['title','href']};const a=FlexSearch.create(b);window.geekdocSearchIndex=a,a.add({id:0,href:'/blog/1.0.0-released/',title:"1.0.0 Released",content:"We\u0026rsquo;re happy to announce the release of Artifact Hub 1.0.0.\nArtifact Hub is more than a website where you can search for cloud native packages. The software that powers the Artifact Hub is open source and can be run by anyone.\nThe Artifact Hub website has a listing for the Artifact Hub software with directions on how you can install it. The Artifact Hub listing on the Artifact Hub also services as an example of what a listing can display.\n\nIf you need a software to display your Helm charts, operators, or one of the other many things the Artifact Hub supports you can now use a stable release of the Artifact Hub to do so.\n"}),a.add({id:1,href:'/',title:"Artifact Hub Blog",content:""}),a.add({id:2,href:'/blog/',title:"Blogs",content:""}),a.add({id:3,href:'/blog/embed-widget/',title:"Embed Artifact Details On Your Site",content:"Ever want to show off a package from the Artifact Hub on a website? I know I\u0026rsquo;ve thought about putting one in the sidebar of a website. Artifact Hub now makes that easy with a widget you can embed. The above image displays various configurations of the widget you can get from Artifact Hub.\nGetting a widget for any packages is straight forward. When viewing a package there is a menu with three dots. Under there is an option to get the widget. The Prometheus example below shows you where the option is.\nA modal, like the one below, will pop-up with options you can use to configure the display of the widget.\n Now you can easily show off you charts, plugins, operators, actions, and more.\n"}),a.add({id:4,href:'/blog/verified-and-official-repos/',title:"Verified Publishers and Official Status",content:"Ever wonder if you are getting a package for a piece of software from the developer of that software? Or, have you ever wondered if the person who listed a repository or package on the Artifact Hub owns it? If you have, than you\u0026rsquo;re in luck. The Artifact Hub has badges that can answer those questions for you.\nVerified Publishers To illustrate this we can look at the prometheus chart as it is found in search.\nIn the lower right corner you\u0026rsquo;ll notice a badge notifying that it\u0026rsquo;s a verified publisher. When you mouse over the badge it explains that a verified publisher owns a repository.\nThe process to prove ownership and become a verified publisher is located in the Artifact Hub documentation. The gist behind it is that you need to upload a file to the repository with information signifying ownership.\nOfficial Status Official status is for repositories and packages that ship software they also develop. Prometheus coming from the Prometheus project is an example of something that can get official status while Bitnami packaging and delivering software like WordPress is not. This isn\u0026rsquo;t to say that packages from unofficial organizations can\u0026rsquo;t be excellent and trustworthy. Official status is designed to help those searching for software to be able to identify packages from software developers, if they exist.\nThe above prometheus chart example shows an official badge. When you mouse over the badge it provides some more detail about official status.\nGaining official status is more involved than having a verified repository. There are a number of requirements that need to be met including becoming a verified repository. Once the requirements are met a request needs to be submitted and someone will evaluate the setup to ensure it meets the criteria. All of this is covered in the documentation.\n"}),a.add({id:5,href:'/blog/helm-values-schema-reference/',title:"Helm Values Schema Reference",content:"Helm v3 introduced schemas for values. The schemas are written as JSON Schemas and put in a chart in a file named values.schema.json that goes right alongside values.yaml files. Wouldn\u0026rsquo;t it be great if there was a way to easily use these files to understand the values in a chart? Artifact Hub provides just that with its Values Schema Reference.\nThis image is the Values Schema Reference for the chart that installs the Artifact Hub software.\nOn the left is YAML for the values, on the right is the information from the schema lined up with the YAML on the left, and at the top is a search box with autocomplete.\nUsing this information you can learn more about any chart that provides a schema. Accessing the Values Schema Reference happens through a button in the right sidebar, when a schema is available for a chart.\n"}),a.add({id:6,href:'/blog/discover-tekton-tasks/',title:"Discover Tekton Tasks",content:"Artifact Hub has already provided search and discovery for Helm charts, OLM based operators, Falco rules, OPA policies, Tinkerbell actions, Krew (kubectl) plugins, and Helm plugins. These are all CNCF project related artifacts. We are happy to share that we have expanded beyond the CNCF to support another non-profit foundation based project with support for Tekton tasks.\nTekton is, in the words of their website:\n Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems.\n You can browse the existing Tekton tasks (as shown below) and even get your own tasks listed.\n\nTekton is a cd.foundation project. The cd.foundation is another Linux Foundation sub-foundation alongside the CNCF.\n"}),a.add({id:7,href:'/blog/container-image-scanning/',title:"Container Image Scanning",content:"When trying to make a decision about which artifacts to use it\u0026rsquo;s useful to know some information about the security of the artifact. With Artifact Hub, it\u0026rsquo;s possible to see security scans for container based artifacts such as Operator Framework OLM based operators, some Helm Charts, OPA Policies, and Tinkerbell actions.\nOLM Operators When an operator contains an image that can be scanned a grade, the last time the image was scanned, and access to the full report can be found in the sidebar. The image below for the Starboard Operator, provided by the community operators, illustrates a report without vulnerabilities.\nNote: SCRATCH images, such as those that have no underlying layers and only contain a binary, and images with the latest tag being used are not scanned.\nHelm Charts With Helm charts it is possible to opt-in to having the images scanned and a report provided just like OLM based operators. The tavern chart, seen below, provides an example that illustrates a report with no vulnerabilities. Like the OLM operators, it shows a grade, when the last scan was performed, and the ability to see the full report.\nHelm charts do not provide an easy way to obtain all of the images that could possibly be used in a chart. It\u0026rsquo;s not possible to know how to render all charts in all possible configurations to detect the images within them. To enable Artifact Hub to discover the images a chart author needs to list them in annotations within the Chart.yaml file for the chart. The following example shows the format:\nannotations: artifacthub.io/images: |- name: img1 image: repo/img1:1.0.0 - name: img2 image: repo/img2:2.0.0 You can learn more about listing images in the Helm supported annotations documentation.\nHow It Works The security report is generated using Trivy and periodic scans. The scanner checks images that have not been scanned. Images that were last scanned 7 days ago are re-scanned even when there was no change to a package. This will enable the detection of newly discovered CVEs to be shown in the report.\nSome images cannot be scanned, such as those with binaries in a scratch container or those tagged with latest. In those cases a report will not be shown.\nYou can learn more about the security report in the documentation.\n"}),a.add({id:8,href:'/blog/what-is-artifacthub/',title:"What Is The Artifact Hub?",content:"Finding cloud native artifacts on the Internet can be difficult. When we talk about artifacts we mean things like Helm charts, Kubernetes operators, Falco rules, and Open Policy Agent (OPA) policies. If you use a search engine to look for them the results will be mixed with articles, documentation, and discussion. This experience is far from ideal if you want to find a package or tool to install.\nThis has lead to the rise of Hubs like the Helm Hub (which now redirects to the Artifact Hub) and Operator Hub. These hubs made it possible to discover distributed artifacts for one project or another. These hubs improved the experience but were still missing an opportunity.\nIn November 2019, Dan Kohn brought together people from the Helm, Operator Framework, and KUDO projects to discuss the idea of one hub that would make discovery of all these things possible. This happened over lunch at CloudNativeCon/KubeCon in San Diego. It was one of the many times that Dan brought people together to try and make something happen for the broader cloud native community.\nThe Artifact Hub was born out of this idea Dan had. It has come a long way since its initial release. You can now find artifacts from various projects distributed by different people and companies all over the world. You can find projects that relate to each other. You can perform simple searches and you can apply filters. You can be notified when an artifact is updated (webhooks and email). And, so much more.\nThis blog will serve as a place you can learn about the new developments, why features were developed the way they are, and some of the existing features that are little known but useful.\n"}),a.add({id:9,href:'/categories/',title:"Categories",content:""}),a.add({id:10,href:'/tags/',title:"Tags",content:""})})() \ No newline at end of file diff --git a/js/en.search.min.js b/js/en.search.min.js index f30b29b..2ceea43 100644 --- a/js/en.search.min.js +++ b/js/en.search.min.js @@ -1 +1 @@ -'use strict';(function(){const b=document.querySelector('#gdoc-search-input'),a=document.querySelector('#gdoc-search-results');b.addEventListener('focus',c),b.addEventListener('keyup',d);function c(){b.removeEventListener('focus',c),b.required=!0,e('/js/flexsearch.min.js'),e('/js/en.search-data.min.58d4538d551ccc2f878cb6a11788257b051699dbaa28aa3af615adb7934aa303.js',function(){b.required=!1,d()})}function d(){while(a.firstChild)a.removeChild(a.firstChild);if(!b.value){console.log("empty"),a.classList.remove("has-hits");return}const c=window.geekdocSearchIndex.search(b.value,10);console.log(c.length),c.length>0?a.classList.add("has-hits"):a.classList.remove("has-hits"),c.forEach(function(b){const c=document.createElement('li'),d=c.appendChild(document.createElement('a'));d.href=b.href,d.textContent=b.title,a.appendChild(c),a.classList.add("DUMMY")})}function e(b,c){const a=document.createElement('script');a.defer=!0,a.async=!1,a.src=b,a.onload=c,document.head.appendChild(a)}})() \ No newline at end of file +'use strict';(function(){const b=document.querySelector('#gdoc-search-input'),a=document.querySelector('#gdoc-search-results');b.addEventListener('focus',c),b.addEventListener('keyup',d);function c(){b.removeEventListener('focus',c),b.required=!0,e('/js/flexsearch.min.js'),e('/js/en.search-data.min.f69bc452784b0aa3fe330a57252904762c3806a6fa407fd4a7ceb096acf3ac7b.js',function(){b.required=!1,d()})}function d(){while(a.firstChild)a.removeChild(a.firstChild);if(!b.value){console.log("empty"),a.classList.remove("has-hits");return}const c=window.geekdocSearchIndex.search(b.value,10);console.log(c.length),c.length>0?a.classList.add("has-hits"):a.classList.remove("has-hits"),c.forEach(function(b){const c=document.createElement('li'),d=c.appendChild(document.createElement('a'));d.href=b.href,d.textContent=b.title,a.appendChild(c),a.classList.add("DUMMY")})}function e(b,c){const a=document.createElement('script');a.defer=!0,a.async=!1,a.src=b,a.onload=c,document.head.appendChild(a)}})() \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml index 77f1a85..3ee8652 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -1 +1 @@ -https://blog.artifacthub.io/2021-05-18T00:00:00-05:00https://blog.artifacthub.io/blog/2021-05-18T00:00:00-05:00https://blog.artifacthub.io/blog/embed-widget/2021-05-18T00:00:00-05:00https://blog.artifacthub.io/blog/verified-and-official-repos/2021-02-24T00:00:00-05:00https://blog.artifacthub.io/blog/helm-values-schema-reference/2021-02-10T00:00:00-05:00https://blog.artifacthub.io/blog/discover-tekton-tasks/2021-01-28T00:00:00-05:00https://blog.artifacthub.io/blog/container-image-scanning/2021-01-13T09:00:00-05:00https://blog.artifacthub.io/blog/what-is-artifacthub/2020-12-02T09:00:00-05:00https://blog.artifacthub.io/categories/https://blog.artifacthub.io/tags/ \ No newline at end of file +https://blog.artifacthub.io/blog/1.0.0-released/2021-06-23T00:00:00-05:00https://blog.artifacthub.io/2021-06-23T00:00:00-05:00https://blog.artifacthub.io/blog/2021-06-23T00:00:00-05:00https://blog.artifacthub.io/blog/embed-widget/2021-05-18T00:00:00-05:00https://blog.artifacthub.io/blog/verified-and-official-repos/2021-02-24T00:00:00-05:00https://blog.artifacthub.io/blog/helm-values-schema-reference/2021-02-10T00:00:00-05:00https://blog.artifacthub.io/blog/discover-tekton-tasks/2021-01-28T00:00:00-05:00https://blog.artifacthub.io/blog/container-image-scanning/2021-01-13T09:00:00-05:00https://blog.artifacthub.io/blog/what-is-artifacthub/2020-12-02T09:00:00-05:00https://blog.artifacthub.io/categories/https://blog.artifacthub.io/tags/ \ No newline at end of file