Helm 2to3 is Now Unsupported

Tue, Jul 16, 2024

Over four years ago, we introduced Helm 3, a major evolution in Helm's development. At that time, we announced that Helm 2 would receive patches and security updates for a year. We also provided a migration path from Helm 2 to Helm 3 and a tool, helm-2to3, to automate the migration. One year later, Helm 2 became unsupported. Here we are, over 3 years since Helm 2 became unsupported. By this time, all users would be expected to have migrated to Helm 3. Read More…

The Road to Helm 4

Wed, Jul 10, 2024

We have been saying it for a while now – Helm is "stable software". That should not come as a surprise to anyone familiar with Kubernetes and the surrounding ecosystem as many within the Kubernetes community consider Helm to be the de-facto package manager. The use of Helm is far reaching: from open source community projects, to startups, to Fortune 500 organizations. Helm has become an essential component of build and deployment workflows that handle mission critical workloads. Read More…

Response To CVE-2019-25210

Thu, Mar 14, 2024

CVE-2019-25210 was recently filed against the Helm project. This action was completed without engaging the Helm project and working through the documented security process and team. The Helm project was given no notice before the disclosure was released which resulted in the inability to provide an appropriate statement beforehand. This post serves as the response from the Helm project.

Not A Vulnerability In Helm

The Helm project rejects this disclosure’s assertion of a vulnerability within Helm. Read More…

Helm 3.13

Fri, Sep 29, 2023

Helm 3.13 brings some significant and useful changes for Helm users. These range from longtime bugs being fixed to some new features that can have an impact on performance.

Dry-run & Template Can Connect To Servers

The dry-run feature on install and upgrade, and Helm template, have not been able to communicate with Kubernetes servers. This is for security and because Helm template was designed for template rendering alone. With Helm 3. Read More…

The Helm OCI MediaTypes

Mon, May 15, 2023

Helm introduced full support for storing charts within OCI registries as a distribution method beginning in version 3.8, and while this feature has been available for some time now, there is more under the hood than one may realize to make this capability possible. A number of concepts, working in unison, make it possible to store content other than traditional container images within OCI registries. This article will explore one of these important concepts, Media Types, their purpose, and how Helm’s own set of Media Types makes it possible to extend the storage of charts beyond standard chart repositories to OCI registries. Read More…

Helm Completes Fuzzing Security Audit

Fri, Mar 31, 2023

In the past year, the team at Ada Logics has worked on integrating continuous fuzzing into the Helm core project. This was an effort focused on improving the security posture of Helm and ensuring a continued good experience for Helm users. The fuzzing integration involved enrolling Helm in the OSS-Fuzz project and writing a set of fuzzers that further enriches the test coverage of Helm. In total, 38 fuzzers were written, and nine bugs were found (with eight fixed so far), demonstrating the work’s value for Helm both short term and long term. Read More…