This year Helm is going to be 5 years old. It’s community has grown a lot and the Helm charts have as well. There is a big number of publicly available Helm repositories and charts, and that number is continuously growing. While this is great for the community, it can be challenging to find the right repository and the right chart.
This is why I’m so proud to announce the launch of ChartCenter, a free, central repository of public Helm charts for the Kubernetes community. We at the JFrog Community Team have been working very hard in the last 5 months to make this happen and release ChartCenter.
The beautiful ChartCenter UI
ChartCenter has a nice rich UI, where you can search among thousands of Kubernetes-ready packages to find the ones you need. You can discover and launch applications distributed across many public Helm repositories. In this way, ChartCenter is similar to the services Helm Hub and Artifact Hub offer.
But ChartCenter doesn't stop there and it is much more than just a catalog: it’s a repository of Helm charts that holds immutable versions. So your Helm CLI can pull all the public Helm charts you use from a single, central place with certainty and be your single source of truth.
Every stored Helm chart is also maintained with robust metadata that provides you critical information you need to make smart choices. Here’s what these features mean for you:
Immutable, Versioned Helm Charts
You can always be certain that the Helm chart version you use today is the same as the one you used last month, or last year, even if the Helm chart’s owner improperly changed or deleted it in their repo. ChartCenter will also flag that version if it happens, so you won’t be surprised. ChartCenter also provides a failsafe if the original repo becomes unavailable for any reason.
ChartCenter’s strength is that it keeps metadata for every Helm chart version, apiVersion and appVersion.
Chart Usage Data
ChartCenter shows you where else a Helm chart is used as a dependency for another Helm chart (as a subchart).
Chart Dependencies Identified
For every Helm chart version, ChartCenter identifies all of the dependencies used, including Docker images and subcharts. You can browse the UI to see all layers for each dependent Docker image.
Chart Vulnerabilities Revealed
And my favorite feature: ChartCenter performs a vulnerability analysis of all the Helm chart’s dependent Docker images, powered by the deep-recursive scanning of JFrog Xray. So you can assess the security risks of any Kubernetes app before you deploy it.
Chart Security Mitigation for Maintainers
ChartCenter also provides chart maintainers the ability to provide mitigation notes and an overview of the status of the chart security on the UI. A security-mitigation.yaml file was developed so you as a chart maintainer can tag CVEs and provide notes for your chart users.
Now that we’ve covered some of the features of ChartCenter, let’s check out how it is easy to use ChartCenter with a Helm client.
Step 1: Add ChartCenter as your Helm repository
Set your Helm client to use the ChartCenter repository as your single central location to consume charts from:
$ helm repo add center https://repo.chartcenter.io $ helm repo update $ helm search repo center/
The last command will show a big list of charts from around 200+ Helm repositories available in ChartCenter. We’ve made some index.yaml optimizations resulting in a smaller index.yaml size to speed up Helm client usage, which is especially needed in CI/CD Pipelines when Helm client runs in a docker container.
Step 2: Using ChartCenter as a repository
Now let’s check a few Helm repositories:
$ helm search repo center/stable/nginx-ingress NAME CHART VERSION APP VERSION DESCRIPTION center/stable/nginx-ingress 1.39.1 0.32.0 An nginx Ingress controller that uses ConfigMap… $ helm search repo center/jetstack/cert-manager NAME CHART VERSION APP VERSION DESCRIPTION center/jetstack/cert-manager v0.15.1 v0.15.1 A Helm chart for cert-manager
Here, you’re able to see how much easier it is to use one central repository than it is to add many Helm repositories.
Step 3: Install a chart from ChartCenter repository
And to install a chart:
$ helm upgrade --install cert-manager --namespace cert-manager \ center/jetstack/cert-manager
As you see the only change you have to make is to add an extra namespace
center to your Helm commands and just use one public Helm repository from now one.
How to add your Helm repository to ChartCenter
In a few months, we plan on expanding the inclusion process and improving the way charts can be added directly.
Charting the New Horizons
ChartCenter’s launch today is just the start of a journey to better Helm Chart consumption. There are plenty of new features to come, many of which we’d like you to help us with!
We the JFrog Community Team would also like to work directly with the community to build out these features and we’d love to get your input on things such as improvements to the UI, additional security information, Helm plugin considerations and Helm repository best practices.