rimusz blog

Cloud computing, clusters, containers, Kubernetes, Helm ...

The Central Helm Charts Repository for the Community: ChartCenter

chartcenter top

This year Helm is going to be 5 years old. It’s community has grown a lot and the Helm charts have as well. There is a big number of publicly available Helm repositories and charts, and that number is continuously growing. While this is great for the community, it can be challenging to find the right repository and the right chart.

This is why I’m so proud to announce the launch of ChartCenter, a free, central repository of public Helm charts for the Kubernetes community. We at the JFrog Community Team have been working very hard in the last 5 months to make this happen and release ChartCenter.

The beautiful ChartCenter UI

ChartCenter has a nice rich UI, where you can search among thousands of Kubernetes-ready packages to find the ones you need. You can discover and launch applications distributed across many public Helm repositories. In this way, ChartCenter is similar to the services Helm Hub and Artifact Hub offer.

chartcenterui

But ChartCenter doesn't stop there and it is much more than just a catalog: it’s a repository of Helm charts that holds immutable versions. So your Helm CLI can pull all the public Helm charts you use from a single, central place with certainty and be your single source of truth.

Every stored Helm chart is also maintained with robust metadata that provides you critical information you need to make smart choices. Here’s what these features mean for you:

Immutable, Versioned Helm Charts

You can always be certain that the Helm chart version you use today is the same as the one you used last month, or last year, even if the Helm chart’s owner improperly changed or deleted it in their repo. ChartCenter will also flag that version if it happens, so you won’t be surprised. ChartCenter also provides a failsafe if the original repo becomes unavailable for any reason.

ChartCenter’s strength is that it keeps metadata for every Helm chart version, apiVersion and appVersion.

chart readme

Chart Usage Data

ChartCenter shows you where else a Helm chart is used as a dependency for another Helm chart (as a subchart).

chart used by

Chart Dependencies Identified

For every Helm chart version, ChartCenter identifies all of the dependencies used, including Docker images and subcharts. You can browse the UI to see all layers for each dependent Docker image.

chart deps

Chart Vulnerabilities Revealed

And my favorite feature: ChartCenter performs a vulnerability analysis of all the Helm chart’s dependent Docker images, powered by the deep-recursive scanning of JFrog Xray. So you can assess the security risks of any Kubernetes app before you deploy it.

chart vulnerabilities

Chart Security Mitigation for Maintainers

ChartCenter also provides chart maintainers the ability to provide mitigation notes and an overview of the status of the chart security on the UI. A security-mitigation.yaml file was developed so you as a chart maintainer can tag CVEs and provide notes for your chart users.

chart mitigation

Using ChartCenter

Now that we’ve covered some of the features of ChartCenter, let’s check out how it is easy to use ChartCenter with a Helm client.

Step 1: Add ChartCenter as your Helm repository

Set your Helm client to use the ChartCenter repository as your single central location to consume charts from:

$ helm repo add center https://repo.chartcenter.io
$ helm repo update
$ helm search repo center/

The last command will show a big list of charts from around 200+ Helm repositories available in ChartCenter. We’ve made some index.yaml optimizations resulting in a smaller index.yaml size to speed up Helm client usage, which is especially needed in CI/CD Pipelines when Helm client runs in a docker container.

Step 2: Using ChartCenter as a repository

Now let’s check a few Helm repositories:

$ helm search repo center/stable/nginx-ingress
NAME                            CHART VERSION   APP VERSION DESCRIPTION
center/stable/nginx-ingress 1.39.1          0.32.0      An nginx Ingress controller that uses ConfigMap…

$ helm search repo center/jetstack/cert-manager
NAME                                CHART VERSION   APP VERSION DESCRIPTION
center/jetstack/cert-manager    v0.15.1         v0.15.1     A Helm chart for cert-manager

Here, you’re able to see how much easier it is to use one central repository than it is to add many Helm repositories.

Step 3: Install a chart from ChartCenter repository

And to install a chart:

$ helm upgrade --install cert-manager --namespace cert-manager \
center/jetstack/cert-manager

As you see the only change you have to make is to add an extra namespace center to your Helm commands and just use one public Helm repository from now one.

How to add your Helm repository to ChartCenter

It’s as easy to add the Helm repository to ChartCenter as opening a PR in ChartCenter Github repo. Just click on the UI button Add Chart which will bring you to the inclusion process guidelines.

In a few months, we plan on expanding the inclusion process and improving the way charts can be added directly.

Charting the New Horizons

ChartCenter’s launch today is just the start of a journey to better Helm Chart consumption. There are plenty of new features to come, many of which we’d like you to help us with!

We the JFrog Community Team would also like to work directly with the community to build out these features and we’d love to get your input on things such as improvements to the UI, additional security information, Helm plugin considerations and Helm repository best practices.

Please provide us input on the public roadmap/issues in ChartCenter GiHub repo and checkout ChartCenter today.

Safe Charting!

Rimas Mocevicius

Cloud Native, Kubernetes, Co-founder of Helm, CKA, CoreOS Essentials book author, Kubernaut at JFrog

Vilnius, Lithuaniahttps://rimusz.net