Hey everyone! I've been reflecting on the recent Bitnami incident and its impact on managing dependencies in production Kubernetes environments. It really made me aware of how quickly external dependencies can vanish; one day a chart or image is available, and the next, it's gone, leaving deployments broken. I've been thinking about implementing an internal mirror for both Helm charts and container images to address this challenge. The main reasons for this would be to protect against availability issues, accommodate air-gapped environments, and meet certain compliance or confidentiality requirements. I've done some digging but haven't found many solid, production-ready solutions out there. I'm curious to hear from you all—what strategies do you employ to handle this situation? Are internal mirrors the way to go, or are there other best practices I should consider? Thanks!
6 Answers
I focus on using minimal Helm charts when possible. Sometimes, I even rewrite charts for my specific deployment scenarios. It's great to have comprehensive charts, but not every feature fits my needs.
We maintain an Artifactory to store our charts and proxy images, but I’d personally prefer if we stored images ourselves for better control.
In my experience with a small team, we try to utilize CNCF alternatives wherever possible. If something isn’t available, we stick with official releases and hope they stay put. We’ve also set up a local Harbor registry that acts as a proxy for container images, and we run vulnerability scans on it. It’s not perfect, but we’re gradually reducing our dependency on external vendors.
I've been working on cleaning up our dependency management, too. We currently use a mix of JFrog Artifactory for a read-through cache and maintain a container store manually on GCP. If I had to choose again, I’d lean towards using Harbor.
We pull external charts into our local Harbor instance and rely on that for our deployments.
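Two of the answers above describe pointing deployments at a Harbor proxy cache. The part that bites in practice is rewriting the image references in charts and manifests so they resolve through the mirror, because Docker Hub references have implicit defaults (no registry means `docker.io`, no namespace means `library/`, no tag means `latest`) that must be expanded before the mirror path is prepended. The script below is an added example and is not code from this thread or from Harbor; it assumes a hypothetical mirror host `harbor.internal` with one proxy-cache project per upstream registry (`dockerhub`, `quay`, `ghcr`, `k8s`), and the sample Deployment it rewrites is constructed for the example.

```python
"""Rewrite container image references to resolve through an internal proxy-cache registry.

Added example, not code from the thread or from Harbor. Assumes a mirror at the
hypothetical host harbor.internal with one proxy-cache project per upstream registry.
Docker Hub's implicit defaults are normalised first so that `redis:7.2` and
`docker.io/library/redis:7.2` produce the same mirrored reference.
"""
import re
from dataclasses import dataclass
from typing import Optional

MIRROR_HOST = "harbor.internal"        # assumption: internal Harbor hostname
UPSTREAM_PROJECTS = {                   # assumption: upstream registry -> proxy-cache project
    "docker.io": "dockerhub",
    "quay.io": "quay",
    "ghcr.io": "ghcr",
    "registry.k8s.io": "k8s",
}


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str          # e.g. "library/redis" or "bitnami/redis"
    tag: Optional[str]
    digest: Optional[str]

    def __str__(self) -> str:
        s = f"{self.registry}/{self.repository}"
        if self.tag:
            s += f":{self.tag}"
        if self.digest:
            s += f"@{self.digest}"
        return s


def parse_image(ref: str) -> ImageRef:
    """Parse a reference with the same defaulting rules the Docker/OCI clients apply."""
    ref = ref.strip()
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # The first path component is a registry only if it looks like a host ('.', ':' or localhost).
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    if registry == "index.docker.io":
        registry = "docker.io"
    # A tag is a ':' in the last path component only; a ':' earlier is a registry port.
    tag = None
    colon = path.find(":", path.rfind("/") + 1)
    if colon != -1:
        path, tag = path[:colon], path[colon + 1:]
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path     # Docker Hub "official image" namespace
    return ImageRef(registry, path, tag, digest)


def to_mirror(ref: str) -> str:
    """Return the reference rewritten to go through the proxy cache.

    References already on the mirror are left untouched; digests are preserved so a
    pinned image stays pinned; an upstream with no proxy-cache project is an error
    rather than a silent pass-through to the internet.
    """
    img = parse_image(ref)
    if img.registry == MIRROR_HOST:
        return str(img)
    project = UPSTREAM_PROJECTS.get(img.registry)
    if project is None:
        raise ValueError(f"no proxy-cache project configured for registry {img.registry!r}")
    tag = img.tag if (img.tag or img.digest) else "latest"   # make the implicit tag explicit
    return str(ImageRef(MIRROR_HOST, f"{project}/{img.repository}", tag, img.digest))


# Matches `image: ref`, `- image: "ref"` etc. at any indentation in a Kubernetes manifest.
IMAGE_LINE = re.compile(r'^(?P<prefix>\s*(?:-\s+)?image:\s*)(?P<q>["\']?)(?P<ref>[^\s"\']+)(?P=q)\s*$')


def rewrite_manifest(text: str) -> str:
    """Rewrite every `image:` line in a YAML manifest; all other lines pass through unchanged."""
    out = []
    for line in text.splitlines():
        m = IMAGE_LINE.match(line)
        if m:
            line = f"{m['prefix']}{m['q']}{to_mirror(m['ref'])}{m['q']}"
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


# Constructed sample manifest mixing an official image, a Bitnami image and a digest-pinned image.
SAMPLE_DEPLOYMENT = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
spec:
  template:
    spec:
      initContainers:
        - name: wait
          image: busybox:1.36
      containers:
        - name: redis
          image: "bitnami/redis:7.2.4-debian-12-r0"
        - name: exporter
          image: quay.io/prometheus/node-exporter@sha256:0000000000000000000000000000000000000000000000000000000000000000
"""


def rewritten_sample() -> str:
    return rewrite_manifest(SAMPLE_DEPLOYMENT)


if __name__ == "__main__":
    print(rewritten_sample())
```

Run it against rendered chart output (`helm template ... | python rewrite.py`) or wire the same logic into a mutating admission policy; either way the rewrite refuses unknown upstreams instead of letting them leak past the mirror, and the explicit `latest` makes it obvious which references are still unpinned.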
Having an internal mirror for charts and images is becoming a standard practice, especially in light of the Bitnami incident. It ensures stability, gives control over updates, and is essential for air-gapped or compliance-heavy setups. Along with mirroring, I suggest standardizing on well-maintained base images to avoid issues with sudden deprecations or missing patches. At my company, we’ve invested in curated, low-CVE images built on mainstream LTS distros to help mitigate these risks. Check out this overview for more info on how to make your supply chain resilient: [Bitnami Goes Behind Paywall: RapidFort's Curated Near-Zero CVE Images Offer Superior Alternative](https://www.rapidfort.com/blog/bitnami-goes-behind-paywall-rapidforts-curated-near-zero-cve-images-offer-superior-alternative). Hope this helps!