https://ocm.software/main/docs/how-to/Recent content in How-to Guides on Open Component ModelHugoen-UShttps://ocm.software/main/docs/how-to/transfer-components-across-an-air-gap/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/transfer-components-across-an-air-gap/<h2 id="goal">Goal</h2> <p>Transfer a signed component version from a source registry into an air-gapped target registry using a CTF archive as the transport medium. An air-gapped environment is a network that is physically isolated from untrusted networks such as the public internet.</p>https://ocm.software/main/docs/how-to/configure-credentials-for-ocm-controllers/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/configure-credentials-for-ocm-controllers/<h2 id="goal">Goal</h2> <p>Configure credentials to allow OCM Controllers to access OCM components stored in private OCI registries.</p> <h2 id="you-will-end-up-with">You will end up with</h2> <ul> <li>A Kubernetes secret containing registry credentials</li> <li>OCM Controller resources configured to use these credentials</li> <li>Verified access to private OCM repositories</li> </ul> <p><strong>Estimated time:</strong> ~5 minutes</p>https://ocm.software/main/docs/how-to/configure-credentials-for-multiple-registries/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/configure-credentials-for-multiple-registries/<h2 id="goal">Goal</h2> <p>Configure OCM to authenticate against multiple OCI registries — pinning explicit credentials for specific registries while using Docker config as a catch-all fallback.</p>https://ocm.software/main/docs/how-to/generate-signing-keys/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/generate-signing-keys/<h2 id="goal">Goal</h2> <p>Generate an RSA key pair that can be used to sign and verify OCM component versions.</p> <h2 id="youll-end-up-with">You&rsquo;ll end up with</h2> <ul> <li>A private key file for signing component versions</li> <li>A public key file for sharing with consumers who need to verify signatures</li> </ul> <p><strong>Estimated time:</strong> ~2 minutes</p>https://ocm.software/main/docs/how-to/configure-credentials-for-signing/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/configure-credentials-for-signing/<p>Set up credential configuration so OCM can find your signing keys when signing or verifying component versions.</p> <h2 id="youll-end-up-with">You&rsquo;ll end up with</h2> <ul> <li>A configured <code>.ocmconfig</code> file that OCM uses to locate your signing keys</li> <li>Ability to sign and verify component versions without specifying key paths manually</li> </ul> <p><strong>Estimated time:</strong> ~3 minutes</p>https://ocm.software/main/docs/how-to/sign-component-versions/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/sign-component-versions/<h2 id="goal">Goal</h2> <p>Sign a component version to certify its authenticity and enable downstream verification.</p> <h2 id="youll-end-up-with">You&rsquo;ll end up with</h2> <ul> <li>A component version with a cryptographic signature attached</li> </ul> <p><strong>Estimated time:</strong> ~3 minutes</p>https://ocm.software/main/docs/how-to/verify-component-versions/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/verify-component-versions/<h2 id="youll-end-up-with">You&rsquo;ll end up with</h2> <ul> <li>Confidence that a component version is authentic and hasn&rsquo;t been tampered with</li> </ul> <p><strong>Estimated time:</strong> ~3 minutes</p>https://ocm.software/main/docs/how-to/download-resources-from-component-versions/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/download-resources-from-component-versions/<h2 id="goal">Goal</h2> <p>Download resources from a component version using the OCM CLI. Learn how to fetch specific resources, optionally transform them to their native format, and save them to your local filesystem.</p>https://ocm.software/main/docs/how-to/migrate-legacy-credentials/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/migrate-legacy-credentials/<h2 id="goal">Goal</h2> <p>Migrate an existing legacy OCM <code>.ocmconfig</code> file so it works with the new OCM.</p> <div class="callout callout-caution d-flex flex-row mt-4 mb-4 pt-4 pe-4 pb-2 ps-3"><div class="callout-content"><div class="callout-body"><p><code>HashiCorpVault/v1</code>, <code>GardenerConfig/v1</code>, and <code>NPMConfig/v1</code> are not yet available in the new OCM. If you rely on these, stay on legacy OCM for now.</p>https://ocm.software/main/docs/how-to/migrate-from-fallback-to-deterministic-repository-resolvers/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/migrate-from-fallback-to-deterministic-repository-resolvers/<h2 id="goal">Goal</h2> <p>Replace the deprecated <code>ocm.config.ocm.software</code> fallback resolver configuration with the new <code>resolvers.config.ocm.software/v1alpha1</code> glob-based resolvers.</p> <div class="callout callout-caution d-flex flex-row mt-4 mb-4 pt-4 pe-4 pb-2 ps-3"><div class="callout-content"><div class="callout-body"><p>The fallback resolver (<code>ocm.config.ocm.software</code>) is deprecated. It uses priority-based ordering with prefix matching and probes multiple repositories until one succeeds. The glob-based resolver (<code>resolvers.config.ocm.software/v1alpha1</code>) replaces it with first-match glob-based matching against component names, which is simpler and more efficient.</p>https://ocm.software/main/docs/how-to/resolving-components-across-multiple-registries/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/resolving-components-across-multiple-registries/<h2 id="goal">Goal</h2> <p>Configure an <code>.ocmconfig</code> file with resolver entries so the OCM CLI can recursively resolve component references stored in different OCI registries.</p>https://ocm.software/main/docs/how-to/transfer-helm-charts-with-ocm/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/transfer-helm-charts-with-ocm/<h2 id="goal">Goal</h2> <p>Transfer a component version that contains a Helm chart resource sourced from a <strong>Helm repository</strong> (type <code>helmChart</code> with <code>Helm/v1</code> access) to an OCI registry. This guide does not cover charts that are already stored as OCI artifacts.</p>https://ocm.software/main/docs/how-to/how-to-use-the-ocm-cli-container-image/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/how-to-use-the-ocm-cli-container-image/<h2 id="goal">Goal</h2> <p>This How-To will show you how to use the OCM CLI container image to create and get a component version.</p>https://ocm.software/main/docs/how-to/deploy-manifests-with-deployer/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/deploy-manifests-with-deployer/<p>This guide shows how to deploy raw Kubernetes manifests from an OCM component version using the OCM Controllers&rsquo; built-in Deployer. This approach requires only the OCM Controllers—no kro or Flux needed.</p>https://ocm.software/main/docs/how-to/model-software-products/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/model-software-products/<h2 id="goal">Goal</h2> <p>Most products consist of multiple independently versioned services. This guide uses OCM component references to pin those services into a single <a href="https://ocm.software/docs/overview/benefits-of-ocm/#create-a-software-bill-of-delivery" target="_blank" rel="noopener">Software Bill of Delivery</a> — a versioned, auditable record of what a release contains.</p>https://ocm.software/main/docs/how-to/configure-custom-rbac-for-deployers/Mon, 01 Jan 0001 00:00:00 +0000https://ocm.software/main/docs/how-to/configure-custom-rbac-for-deployers/<p>The OCM K8s Toolkit controller, ships with the minimum RBAC permissions needed to manage its own custom resources (<code>Repository</code>, <code>Component</code>, <code>Resource</code>, <code>Deployer</code>). It does <strong>not</strong> include permissions for third-party resources that your deployers may create or manage.</p>