Fleet Continuous Delivery now manages Helm and image pull secrets natively for GitOps workflows

At KubeCon EU 2026, SUSE is announcing General Availability of image pull secrets management for HelmOps in Rancher Continuous Delivery. Bootstrapping a new cluster consistently is one of those tasks that looks straightforward until you’re doing it across dozens of environments. Getting Helm access credentials and image pull secrets configured correctly, across every cluster, for every chart pulling from private registries, adds friction to what should be a repeatable, automated process. This release removes that friction directly from within Continuous Delivery.

Cluster bootstrapping just got a lot less manual

Platform engineers are the core Rancher user, and the feedback is consistent. The GitOps workflow is where they want to operate, and anything that pulls them outside of it adds overhead. Image pull secrets management for HelmOps keeps the entire bootstrapping process inside that workflow.

With this release, platform engineers can define Helm repository access credentials and image pull secrets directly within a HelmOps configuration. Those secrets are then available across the fleet without requiring manual setup on individual clusters. Because charts often reference images from multiple registries, the feature supports multiple image pull secrets per chart, covering the full range of sources a real-world deployment touches.

The result is cluster bootstrapping that is consistent, auditable, and automated from day one.

How HelmOps secret management works in practice

The implementation centers on two types of secrets referenced within a HelmOps resource. The first is the Helm access secret, referenced via the HelmSecretName field, which handles authentication to a private Helm repository. The second is image pull secrets, which cover the container image registries that a chart’s images are pulled from.

Both are managed through the same GitOps workflow platform engineers already use for application delivery. There’s no separate bootstrapping step, no out-of-band credential management, and no requirement to set up a Git repository just to point Fleet at a Helm or OCI registry. Platform engineers can now create and manage bundles by referencing a Helm repository or OCI registry directly.

Available now for both open source and Prime users

Image pull secrets management for HelmOps is generally available in Rancher Continuous Delivery starting with this release. It is available in both the open source Fleet project and in SUSE Rancher Prime, making it accessible regardless of where you are in the SUSE portfolio.

For SUSE Rancher Prime customers, the Application Collection integration is the most immediate place to feel the impact. If your team is already using Application Collection charts and wants to bring them under GitOps management without standing up additional infrastructure, this is the path.

Put your cluster bootstrapping on autopilot

If you’re managing multiple clusters and spending time on credential setup that should be automated, this release is worth your attention now. Visit the Rancher Continuous Delivery documentation to see how to configure HelmOps secret management in your environment, or stop by the SUSE booth at KubeCon EU 2026 in Amsterdam to talk through how it fits your specific fleet setup.

If you want help designing your GitOps bootstrapping workflow or scaling Continuous Delivery across a larger fleet, SUSE Consulting offers outcome-focused engagements built for exactly this kind of work. Reach out to your SUSE account team to get started.

For the latest updates, visit suse.com/kubecon or connect with a SUSE expert to explore what’s possible for your organization.