Expanding Chainguard’s Helm chart coverage and deepening user experiences
The "last mile" of Kubernetes deployments can be a long, manual, error-prone hurdle for platform, DevOps, and SRE teams. Managing apps in Kubernetes often demands wrangling complex, interrelated resources like Pods, Deployments, ConfigMaps, and Secrets, defined through YAML manifests that quickly grow difficult to manage, maintain, and standardize at scale. Helm emerged as the community-driven solution to streamline this complexity: a package manager for Kubernetes that simplifies deployments.
While the industry has made significant strides in securing container images, the community Helm charts that define how many of those application images run in production still require significant maintenance and configuration overhead, potentially leading to downstream security issues.
In July, Chainguard took a major step forward in the deployment lifecycle of containerized applications by providing Helm charts designed to work seamlessly with specific “iamguarded” container images.
Today, we’re going further, expanding our Helm chart ecosystem to include community charts and adding greater UI and experience enhancements.
The high cost of manual "toil"
For most organizations, deploying a new application involves a frustrating ritual. Developers must manually locate community charts, verify their provenance, and then hand-edit YAML to support secure container images. This ongoing process often results in hours of troubleshooting due to version mismatches and broken configurations, as well as the toil associated with independently searching for and vetting upstream charts.
This "trial and error" approach becomes an operational bottleneck and a security risk. Relying on unverified community charts often means inheriting insecure default settings or using images that aren't continuously rebuilt from source.
Until now, organizations that relied on community charts lacked a unified, trusted source for both secure-by-default images and their corresponding deployment configurations.
A unified, secure-by-default catalog
The expansion of our Helm charts catalog helps eliminate the manual toil that customers using Helm with our container images experience today by delivering those charts pre-configured to work with Chainguard container images out of the box.
"I'm excited to see Chainguard roll out Helm chart support," said a Sr. Director of Software Engineering at a Fortune 500 financial services firm. "We've had great success in using their images, but pairing them to upstream Helm charts and confirming compatibility has always been a chore. Providing tested Helm charts that work with their images will alleviate hours of monthly toil for my team, which is a huge win."
By co-locating signed charts and images in a single registry, we enable seamless, secure, and verifiable workflows using artifacts from a trusted provider that you can standardize on. This allows customers to meet more use cases and standardize a larger portion of their workloads on secure, trusted artifacts, all while reducing complexity. Whether you’re migrating away from previously freely available charts or simply looking to harden your existing Kubernetes environment, Chainguard’s Helm charts serve as a drop-in replacement that removes the friction of modern software delivery.
Differentiated by rigorous integrity and testing
What sets Chainguard’s Helm charts apart is our commitment to automated integrity and functional validation.
Automated integrity: Every chart is an OCI artifact built from source and cryptographically signed. We provide provenance attestations that link directly to the exact source commit, with all dependent images pinned by digests to prevent tampering.
Rigorous functional testing: Our charts are tested against every supported version stream of their dependent images. Each chart is functionally validated by deploying it into a representative environment and exercising its core functionality, ensuring it works in real-world conditions, not just in theory.
Broad catalog coverage: We are leveraging our robust automation and Chainguard Factory 2.0 to reach hundreds of additional charts by the end of the year.
A modernized Helm experience in the UI
We’ve also upgraded the Helm experience within the Chainguard Console and Directory to provide an "Artifact Hub-like" experience. Users can now visualize the specific images and versions deployed by a given chart and access dedicated tabs for chart metadata and version history. Most importantly, we have introduced a deep-dive view into the chart’s values.yaml right within the UI.
This interactive UI lets you query YAML by key, copy specific configurations, or download the file directly, making it easier than ever to inspect and manage your deployment configurations without leaving the console.
Lowering failure rates and higher stability
By adopting Chainguard’s expanded set of Helm charts, organizations can extend the strong benefit they’re receiving from Chainguard Containers, expanding their artifact footprint to cover more use cases:
Lower operational toil: By leveraging Chainguard’s Helm Charts, organizations can remove the operational friction that comes with the trial and error processes that come with adopting community Helm Charts, relying on drop-in replacements that work OOTB
Lower failure rates and higher confidence/stability: Because Chainguard puts its charts through rigorous functional testing, customers can count on charts working in real-world environments, not just at a single point in time, but as images and charts are updated.
Stronger security: Customers can be confident that the images in their charts will be continuously rebuilt from source, with vulnerabilities eliminated, delivering a higher level of security than community- or traditional distro-based alternatives.
Get started today
Chainguard’s new first-party Helm charts are generally available today. We invite you to explore the new, expanded catalog in the Chainguard Console and Directory and experience the maturity of our artifacts firsthand through the newly enhanced UI. Stop the manual toil and start deploying with total confidence.
Share this article
Related articles
- product
Introducing Fulfillment Dashboard: New artifact requests are now self-serve
Sam Katzen, Staff Product Marketing Manager, and Reid Tatoris, VP of Product
- product
Super SBOMs: See exactly what's inside
Tony Camp, Staff Product Manager
- product
Security baked into your software supply chain: The combined benefit of JFrog and Chainguard
Mandy Hubbard, Senior Technical Product Marketing Manager, and Dafna Zahger Bernanka, JFrog Director of Product Marketing, Security
- product
Introducing automatic, short-lived credentials for Chainguard Libraries for Python
Jason Hall, Principal Software Engineer, and Ross Gordon, Staff Product Marketing Manager
- product
Unwrapping Ruby 4.0: Chainguard delivers a gem just in time for Boxing Day
Sergio Durigan Junior, Senior Software Engineer
- product
Custom Certificates are now available in Custom Assembly
Tony Camp, Staff Product Manager