Introducing First-Party Helm Charts for Chainguard Containers

Kubernetes has revolutionized the way organizations deploy and scale containerized applications — but not without cost. Managing apps in Kubernetes often demands wrangling complex, interrelated resources like Pods, Deployments, ConfigMaps, and Secrets. These resources are defined through YAML manifests that, while powerful, quickly grow difficult to manage, maintain, and standardize at scale. Helm emerged as the community-driven solution to streamline this complexity: a package manager for Kubernetes that simplifies deployments using Helm charts, which encapsulate all necessary configuration into versioned, shareable packages. 

At Chainguard, we’re transforming how organizations secure their software supply chains by building the safe source for open source. To execute on this mission, we built a catalog of 1,400+ minimal, trusted, and zero-CVE container images that we continuously build and maintain from source. As such, Chainguard Containers have become the industry standard for organizations looking to free their engineering organizations from the toil of managing their open source artifacts while hardening their production environments. But while our container images deliver on reduced toil and improved security, we’ve frequently heard from customers that retrofitting existing upstream Helm charts with Chainguard Containers isn’t straightforward. 

Today, we’re excited to announce the Beta launch of Chainguard’s Helm Charts. With this release, Chainguard is taking a more active role in the deployment lifecycle of containerized applications by providing first-party Helm Charts designed to work seamlessly with our continuously updated container images. 

Simplifying Kubernetes Deployments with First-Party Helm Charts

We are eliminating the friction that previously existed for customers trying to integrate Chainguard container images with third-party Helm charts, removing configuration time and potential deployment errors. With Chainguard’s first-party Helm Charts, we now offer customers a streamlined, end-to-end deployment experience that makes it easy to deploy and manage your containerized applications with Kubernetes.

Each chart is designed to work out-of-the-box with Chainguard container images and is available to customers as OCI artifacts within their private registries. Every chart is packaged with values that default to Chainguard container images, and is tested and updated within the Chainguard Factory to ensure consistent, reliable deployments. 

Unlocking new benefits with Chainguard’s Helm Charts

We’re continuing to evolve and strengthen our approach to Chainguard’s Helm Charts with this beta release, with customers initially seeing three core benefits:

1. Accelerated Deployment

By removing the friction of integrating Chainguard container images into third-party charts, our Helm Charts can reduce time-to-value. Teams can deploy production-grade applications with confidence, using charts that are tested and validated by Chainguard. 

2. Lower Operational and Maintenance Costs

Maintaining Helm charts internally is expensive and time-consuming. By offloading this responsibility to Chainguard, customers can save engineering hours previously spent aligning image configurations and troubleshooting Helm configuration issues. Because our Helm Charts are continuously maintained and updated in lockstep with their container images, teams can reduce the long tail of support and maintenance across their charts and the corresponding images within.

3. More Secure Container Images Across a Given Chart

Chainguard’s Helm Charts leverage container images rebuilt from source daily and backed by our CVE SLA. Rather than cobbling together alternative container images with potential vulnerability risk, customers leveraging Chainguard’s Helm Charts can count on zero-CVE images across a given chart.

Our Path Forward for Helm Charts

Much like Chainguard Containers, our ultimate vision for Chainguard’s Helm Charts is to make adoption and security simple, including minimal footprint, secure-by-default settings, and of course, easy operability. Looking toward the future, we intend to not only add breadth in terms of Helm Chart support, but to deepen security-first configurations and capabilities. That includes building our charts to be compliant out of the box with security gold standards like Pod Security Standards and PCI, as well as integrating with the many compliance and conformance-focused Kubernetes linters, and more.

If you're interested in learning more about how Chainguard can secure your software supply chain, reach out today. 

Existing Chainguard customers can reach out to their account teams to learn more about our Helm Charts.