Harbor does not differentiate tags between images and OCI Charts within same repository

[PoudNL]

Expected behavior and actual behavior:
When we push an OCI helm chart with (for example) version v5.2.1 to a repository that already contains an docker image with tag v5.2.1, the tag is removed from the docker image and applied to the OCI helm chart.
It also happens vice versa, when you already have an OCI Helm chart and push a docker image with the same version, the tag is removed from the Helm Chart.

What I expect is that Harbor differentiates between an OCI Helm chart and a Docker image when it comes to tagging. Now it is not possible to have the helm chart and the docker image in the same repository withing Harbor.

Steps to reproduce the problem:

• Push a docker image to a project with (for example) tag v1.0
• Check if the image has the tag within the project
• Push a Helm chart (OCI) that has the same name as the image and version defined in the Chart.yaml
• Check in harbor the tags of both objects and you will see that the tag is removed from docker image and placed on helm chart

Versions:

• harbor version: v2.10.0-6abb4eab
• docker engine version: 20.10.23 (docker desktop)
• helm version: v3.13.2

[MinerYang]

It is all fundamentally stored as artifact in the db since it's all OCI-compatible products. We prefer you use tags to do the differentiation.

[PoudNL]

Thanks for reviewing my issue, but the problem is that I cannot do any differentiation because the charts and images are sharing the same tag and they are pulled from online repositories. So I am not in control of the tags. Could you please re-open/re-evaluate

For example the vsphere cpi, provided by VMware which introduces a new version every kubernetes release together with a new chart with the same version.
But some more examples from large projects:

Solution	chart version	App version	Repo URL
jetstack/cert-manager	v1.14.5	v1.14.5	https://charts.jetstack.io
cilium/cilium	1.15.4	1.15.4	https://helm.cilium.io/
hashicorp/terraform-cloud-operator	2.4.0	2.4.0	https://helm.releases.hashicorp.com
kasten/k10	6.5.13	6.5.13	https://charts.kasten.io/
vsphere	v1.30.0	v1.30.0	https://kubernetes.github.io/cloud-provider-vsphere

[wy65701436]

Hi @PoudNL, I understand your concern.

However, in the registry, the combination of repository and tag serves as the unique identifier for any individual OCI artifact. You cannot share the same tag between different types of artifacts, such as charts and images.

This structure is fundamental in the OCI registry, and I believe others follow the same principle, as mentioned in the ECR documentation: "For each repository, each tag key must be unique, and each tag key can have only one value."

I suggest using different projects or tags to distinguish them in Harbor

[PoudNL]

I am not very familiar with any other registries and did not test it in others. And i understand the current logic/decisions. But I still disagree the choice, based on what we see in the development world. There are just a lot of charts/images that share the same tag from solutions with a large user base.
And creating different projects within Harbor to solve this issue, feels as a workaround