And Helm makes 10: Package manager graduates Cloud Native Computing Foundation

Helm, a package manager for the Kubernetes ecosystem, has flown its nest in the Linux Foundation’s cloud native arm, CNCF, after a good two years in its incubator.

The new position at the foundation’s top tier of projects signals that Helm, the tenth project to graduate, is now mature enough to be adopted by the majority of enterprise users and has implemented the foundation’s best practices in a variety of areas. Graduation criteria include the adoption of a code of conduct, a completed independent security audit, and having a defined governance and code commitment process.

Apart from that, projects need to have committers from at least two organisations as a sign of vendor independence, a publicly available list of adopters, and a Core Infrastructure Initiative Best Practices Badge to join Kubernetes, Prometheus and Co.

According to the project’s announcement blog, Helm started in 2015 as a hackathon project at startup Deis, which was acquired by Microsoft in 2017. Its makers initially aimed at making the deployment of cloud native applications easy for those new to Kubernetes and providing package management at enterprise scale. 

“Our goal was to be for Kubernetes what homebrew is to macOS, apt-get is to Debian/Ubuntu, and Chocolatey is to Windows,” wrote Helm creator Matt Butcher. His team’s efforts didn’t go unnoticed for long, with Helm becoming a Kubernetes sub-project in 2016. 

After reaching that milestone, it was only a matter of time before Helm made its way into the Cloud Native Computing Foundation’s incubator, which finally happened in 2018. Today the project is said to have 28 active maintainers from 16 different organisations pushing it forward across a variety of sub-projects. Key adopters include IBM, Samsung SDS, and (of course) Microsoft.

In 2019, the Helm team pushed out version 3 of its project, which brought some long-awaited improvements such as a new upgrade strategy. The release also got rid of Tiller, a change meant to provide the project with a simplified security model, amongst other things.

According to Butcher, investigations into the next major release have already begun, though the project “will continue our unwavering commitment to stability and compatibility from major version to major version”. 

How the future ends up looking remains to be seen, since work on a new CNCF artifact hub was reported earlier this year. The new initiative assembled representatives from Helm, the Operator Framework, and KUDO, all groups currently offering some sort of artifact hub, and supposedly aims to present users with a new central access point for packages and other artifacts.

It will be interesting to learn where that leaves the more established providers, since there probably isn’t an awful lot of use in having both. After all, Helm wouldn’t be the first CNCF project to make way for a bigger picture. OpenTracing, for example, was merged with OpenCensus and is now known as OpenTelemetry, which sounds like an approach that would fit in with the CNCF Artifact Hub idea.