JFrog as a Helm Repository

JFrog Container Registry is a repository manager, available as a self-hosted (Freemium) or SaaS solution powered by Artifactory. It offers fully-featured operation with Helm providing:
1) Unlimited Helm registries:
2) local registries for your images
3) remote proxies of remote registries
4) virtual registries (a single URL to access any combination of other registries)
5) Free and immediate image promotion (you can move your images between registries with an API call, without pulling/pushing)
6) Build metadata with Artifactory Query Language with flexible and intuitive RBAC.
We will also introduce security scanning with JFrog Xray soon.

Helm supports private repositories which are handy to protect your charts from unauthorized access.
You can set up your private Helm repository in Artifactory quickly to manage all your Helm charts. Simply create a new repository in Artifactory, then specify it as a Helm package type, along with a repository key address it by. Once the Helm repository is created, it can be accessed using the native Helm client to publish and pull charts.
You can manage secure private Helm repositories in Artifactory through its features for fine-grain access control, restricting access only to the users and teams who need it.

Any Helm repository you create in Artifactory can be as restricted or as open as you need it to be. You can set permission targets that specify what actions can be performed by different user groups, and choose who may and may not access certain repositories..

An instance of Artifactory that can be addressed publicly on the network can host a Helm repository with unrestricted permissions. In this way, you can create a public Helm repository, If you choose, you can still limit usage to those repositories, such as allowing only certain groups to publish Helm charts while permitting anyone to pull any of the charts.

A remote Helm repository in Artifactory is a caching proxy for a repository managed at a remote URL such as on Helm Hub repositories. A remote repository can even proxy a Helm repository managed at a remote site by another instance of Artifactory.

A remote Helm repository in Artifactory acts as a fast, local cache to help assure consistent and reliable access to an external registry. It can also provide a safeguard against resource or connectivity outages.
Because a remote repository is a proxy of another repository, you can’t publish Helm charts directly to it. Instead, you must publish your Helm chart to the Helm repository at the remote URL. You can then pull that Helm chart, and any others hosted by that repository, through the remote Helm repository in Artifactory.

Helm v3 is a significant feature update that helps keep the K8s package manager current with the evolution of Kubernetes. In addition to being much simpler, it supports all of the latest security, authorization, and identity features of K8s orchestration.
Among these changes in Helm v3 is the elimination of the Tiller server-side component for secure application installation. Instead, Helm v3 uses the role-based access control (RBAC) facilities more recently implemented in Kubernetes.

One of Helm v3 architectural changes is the way release data is stored, this causes Helm v3 CLI to not recognize releases created with the Helm v2 CLI. To use Helm v3 CLI with v2 releases, migrate v2 release data to a format which v3 understands. This can easily be done using the Helm v3 2to3 plugin which will migrate the Helm v2 configuration, releases, clean up v2 configuration, release data and Tiller deployment.

Helm v3 is fully compatible with Helm v2 charts and chart repositories. JFrog Artifactory supports both Helm v2 and v3 clients and only Helm v2 Helm repositories. Existing Helm repositories stored in Artifactory will not require any changes to be accessible for Helm v3 CLI.