Helm 2nd Security Audit

Fri, Mar 5, 2021

Helm has now completed a second security audit, funded by the CNCF. The first audit focused on the source code for the Helm client along with the process Helm uses to handle security. The second audit, performed by Trail of Bits, looked at the source code for the Helm client along with a threat model for the use of Helm.

Read More…

Helm 2 and the Charts Project Are Now Unsupported

Fri, Nov 13, 2020

A year ago, we introduced Helm 3, a major evolution in Helm's development. And we announced at that time that Helm 2 would receive patches and security updates for a year. Here we are, one year later. Friday the 13th, 2020 seems like a fitting day to end support for a major version. And today, we are announcing the official end of support for Helm 2. The charts repository is also now read-only, with no further changes. Read More…

Helm Chart Repository Deprecation Update

Fri, Oct 30, 2020

Back in 2019, when the Helm v2 support timeline and end of life plan was announced, the deprecation of the helm/charts GitHub repository was announced, as well. The primary reason for the deprecation is the significant increase in upkeep for the repo maintainers. Over the last couple of years the number of charts under maintainance increased from ~100 to 300+ causing a commensurate increase in pull requests and updates to the repo. Read More…

New Location For Stable and Incubator Charts

Mon, Oct 26, 2020

As previously announced, the stable and incubator repositories have moved to a new location. This post will update you on the new locations and provide directions to start using them.

Important Note: This does not affect the obsolescence timeline for the stable and incubator repositories that was announced in 2019. On November 13, 2020 the stable and incubator charts repository will reach the end of development and become archives. You can find that many of the charts have moved to other, community managed, repositories. You can discover these on the Artifact Hub. More information on the obsolescence will follow in future blog posts and communications.

The new location for the stable repository is https://charts.helm.sh/stable and the new location for the incubator repository is https://charts.helm.sh/incubator. If you use charts in either of these old locations below you MUST update the repositories you use before November 13, 2020. The new locations are hosted using GitHub pages.

NameOld LocationNew Location
stablehttps://kubernetes-charts.storage.googleapis.comhttps://charts.helm.sh/stable
incubatorhttps://kubernetes-charts-incubator.storage.googleapis.comhttps://charts.helm.sh/incubator

Along with the new locations, Helm v2.17.0 and v3.4.0 have been released to help you use the new location. You are encouraged to upgrade to the latest versions.

Read More…

Helm Hub Moving To Artifact Hub

Wed, Oct 7, 2020

Today, we are happy to announce that the Helm Hub is moving to the Artifact Hub. That means, when you go to the Helm Hub you will be redirected to the Artifact Hub. What This Means For You If you search the Helm Hub or list your charts in the Helm Hub you might wonder, what does this mean for me? The Artifact Hub lists all of the same charts the Helm Hub has listed. Read More…

Helm v2 Deprecation Timeline

Wed, Aug 12, 2020

with a nod to Lewis Carroll...

“The time has come,” the maintainers said,
  “To talk of software fates:
Of upgrades -- and shipping Helm v3 --
  Of bugfixes -- and k8s --”

Helm v3 was released in November 2019, the result of ongoing community effort to evolve Helm to meet the community’s needs. With a streamlined client-only experience, a renewed focus on security, and tighter integration with Kubernetes APIs, Helm v3 continues to provide production-tested package management for Kubernetes. And as a graduated CNCF project, Helm is a key part of the cloud native ecosystem.

We recognize that rolling out a major version change in production requires time. The Helm maintainers committed to providing bugfixes for Helm v2 until May 2020 (which they extended to August 2020) and security patches for Helm v2 until November 2020. And now the bugfix window is closing; Helm v2.16.10 will be the final bugfix release and 2.17.0 will follow with the download location updated.

Read More…

Celebrating Helm's CNCF Graduation

Thu, Apr 30, 2020

Today we are happy to see Helm reach the final stage of the CNCF ladder. Helm has moved from the incubating level to the graduated level as a CNCF project, alongside Kubernetes and other select projects. Given Helm's humble beginnings as a hackathon project at Deis, a small startup, we are ecstatic to see our little baby all grown up. And we have certainly learned a lot about coding, community, and organizational politics over the last five years. Read More…

COVID-19: Extending Helm v2 Bug Fixes

Fri, Apr 3, 2020

As our world comes together to fight the global pandemic, the Helm maintainers want to ensure that we're doing our part to help you maintain your critical systems while they are operating at peak demand in a time where normal development and operation schedules have had to be adjusted. When Helm v3 was released in November 2019, our original commitment was that we would offer six months of Helm v2 bug fixes, which would end May 13, 2020, followed by six more months of security fixes for Helm v2. Read More…