diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5377aea..5e09c14 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -26,6 +26,7 @@ default:
 stages:
   - custom
   - gitlab
+  - gitlab-chart
   - gitlab-assets
   - gitlab-review-app
   - workhorse
diff --git a/.gitlab/ci/custom.images.yml b/.gitlab/ci/custom.images.yml
index 7da6733..dc8ddb7 100644
--- a/.gitlab/ci/custom.images.yml
+++ b/.gitlab/ci/custom.images.yml
@@ -1,9 +1,6 @@
 danger:
   extends: .build_static_image
 
-gitlab-charts-build-base-helm-3.9:
-  extends: .build_static_image
-
 gitlab-helm3.9-kubectl1.23:
   extends: .build_static_image
 
diff --git a/.gitlab/ci/gitlab.helm.images.yml b/.gitlab/ci/gitlab.helm.images.yml
new file mode 100644
index 0000000..481754e
--- /dev/null
+++ b/.gitlab/ci/gitlab.helm.images.yml
@@ -0,0 +1,28 @@
+# Used by GitLab chart CI (https://gitlab.com/gitlab-org/charts/gitlab)
+
+.gitlab-chart:
+  extends:
+    - .build_dynamic_image
+  rules:
+    - !reference [.build_dynamic_image, rules]
+    - changes:
+        - "scripts/lib/custom-docker-build"
+        - "scripts/install-kubectl"
+        - "scripts/install-helm"
+        - "scripts/install-helm-kubeconform"
+        - "scripts/install-ruby"
+        - "scripts/install-vcluster"
+        - ".gitlab/ci/gitlab.helm.images.yml"
+
+gitlab-chart:
+  extends:
+    - .gitlab-chart
+  stage: gitlab-chart
+  variables:
+    RUBY: '3.2'
+    HELM: '3.10'
+    HELM_KUBECONFORM: '0.1.17'
+    VCLUSTER: '0.19'
+    KUBECTL: '1.30'
+    AWSCLI: '1.32.93'
+    OS: 'debian:bookworm-slim'
diff --git a/Dockerfile.custom b/Dockerfile.custom
index 729339a..7e2c1a0 100644
--- a/Dockerfile.custom
+++ b/Dockerfile.custom
@@ -112,12 +112,29 @@ ARG HELM_DOWNLOAD_SHA256
 
 RUN if [ -n "$HELM_VERSION" ] ; then /scripts/install-helm "$HELM_VERSION" "$HELM_DOWNLOAD_SHA256"; fi
 
+# Helm kubeconform
+
+ARG HELM_KUBECONFORM_VERSION
+RUN if [ -n "$HELM_VERSION" ] && [ -n "$HELM_KUBECONFORM_VERSION" ] ; then /scripts/install-helm-kubeconform "$HELM_KUBECONFORM_VERSION"; fi
+
 # Kind
 ARG KIND_VERSION
 ARG KIND_DOWNLOAD_SHA256
 
 RUN if [ -n "$KIND_VERSION" ] ; then /scripts/install-kind "$KIND_VERSION" "$KIND_DOWNLOAD_SHA256"; fi
 
+# VCluster
+ARG VCLUSTER_VERSION
+ARG VCLUSTER_DOWNLOAD_SHA256
+
+RUN if [ -n "$VCLUSTER_VERSION" ] ; then /scripts/install-vcluster "$VCLUSTER_VERSION" "$VCLUSTER_DOWNLOAD_SHA256"; fi
+
+# AWS CLI
+ARG AWSCLI_VERSION
+
+RUN if [ -n "$AWSCLI_VERSION" ] ; then /scripts/install-awscli "$AWSCLI_VERSION" ; fi
+
+
 RUN /scripts/generate-locale
 ENV LANG=C.UTF-8 \
   LANGUAGE=C \
diff --git a/Dockerfile.gitlab-charts-build-base-helm-3.9 b/Dockerfile.gitlab-charts-build-base-helm-3.9
deleted file mode 100644
index 96a7189..0000000
--- a/Dockerfile.gitlab-charts-build-base-helm-3.9
+++ /dev/null
@@ -1,41 +0,0 @@
-FROM ruby:3.1-alpine
-MAINTAINER GitLab Distribution Team
-
-ENV HELM_VERSION=3.9.4
-ENV HELM_URL=https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz
-ENV HELM_HOME=/root/.helm
-
-# kubectl (possibly in gcloud?)
-ENV KUBECTL_VERSION=1.26.7
-ENV KUBECTL_URL=https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
-
-ENV VCLUSTER_VERSION=0.16.3
-ENV VCLUSTER_URL=https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/vcluster-linux-amd64
-
-# Install dependencies
-RUN apk --no-cache add -U openssl curl tar gzip bash ca-certificates git python3 py3-pip groff gpg gpg-agent\
-  && mkdir -p /opt
-
-# Install kubectl
-RUN curl -L -o /usr/local/bin/kubectl ${KUBECTL_URL} \
-  && chmod +x /usr/local/bin/kubectl \
-  && kubectl version --client
-
-# Install Helm
-RUN wget -q -O - ${HELM_URL} | tar zxf - \
-    && mv linux-amd64/helm /usr/bin/ \
-    && chmod +x /usr/bin/helm \
-    && helm version --client
-
-# Install kubeconform
-ENV KUBECONFORM_HELM_VERSION=0.1.16
-RUN mkdir -p $HELM_HOME/plugins && \
-    helm plugin install https://github.com/jtyr/kubeconform-helm --version ${KUBECONFORM_HELM_VERSION}
-
-# Install aws cli
-RUN pip3 install awscli
-
-# Install vcluster
-RUN curl -L -o /usr/local/bin/vcluster ${VCLUSTER_URL} \
-  && chmod +x /usr/local/bin/vcluster \
-  && vcluster version
diff --git a/scripts/install-awscli b/scripts/install-awscli
new file mode 100755
index 0000000..7462105
--- /dev/null
+++ b/scripts/install-awscli
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -xeou pipefail
+
+AWSCLI_VERSION=${1}
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get update
+apt-get -y install python3 python3-pip
+
+rm /usr/lib/python3.*/EXTERNALLY-MANAGED
+pip install awscli==${AWSCLI_VERSION}
diff --git a/scripts/install-helm-kubeconform b/scripts/install-helm-kubeconform
new file mode 100755
index 0000000..32fab9a
--- /dev/null
+++ b/scripts/install-helm-kubeconform
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -xeou pipefail
+
+KUBECONFORM_HELM_VERSION=${1}
+
+helm plugin install https://github.com/jtyr/kubeconform-helm --version ${KUBECONFORM_HELM_VERSION}
diff --git a/scripts/install-vcluster b/scripts/install-vcluster
new file mode 100755
index 0000000..1060826
--- /dev/null
+++ b/scripts/install-vcluster
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -xeou pipefail
+
+VCLUSTER_VERSION=${1}
+VCLUSTER_DOWNLOAD_SHA256=${2}
+TARGETARCH=${TARGETARCH:-amd64}
+VCLUSTER_DOWNLOAD_URL=https://github.com/loft-sh/vcluster/releases/download/v${VCLUSTER_VERSION}/vcluster-linux-${TARGETARCH}
+
+/scripts/download-file vcluster "$VCLUSTER_DOWNLOAD_URL" "$VCLUSTER_DOWNLOAD_SHA256"
+
+chmod +x vcluster
+mv vcluster /usr/local/bin/vcluster
diff --git a/scripts/lib/custom-docker-build b/scripts/lib/custom-docker-build
index 2267ca1..1c28bfb 100755
--- a/scripts/lib/custom-docker-build
+++ b/scripts/lib/custom-docker-build
@@ -307,6 +307,11 @@ function print_kubectl_args() {
             KUBECTL_DOWNLOAD_SHA256[amd64]=b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae
             KUBECTL_DOWNLOAD_SHA256[arm64]=79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4
             ;;
+        1.30)
+            KUBECTL_VERSION=1.30.0
+            KUBECTL_DOWNLOAD_SHA256[amd64]=7c3807c0f5c1b30110a2ff1e55da1d112a6d0096201f1beb81b269f582b5d1c5
+            KUBECTL_DOWNLOAD_SHA256[arm64]=669af0cf520757298ea60a8b6eb6b719ba443a9c7d35f36d3fb2fd7513e8c7d2
+            ;;
         *) fail "Unknown kubectl version $1" ;;
     esac
 
@@ -323,6 +328,11 @@ function print_helm_args() {
             HELM_DOWNLOAD_SHA256[amd64]=31960ff2f76a7379d9bac526ddf889fb79241191f1dbe2a24f7864ddcb3f6560
             HELM_DOWNLOAD_SHA256[arm64]=d24163e466f7884c55079d1050968e80a05b633830047116cdfd8ae28d35b0c0
             ;;
+        3.10)
+            HELM_VERSION=3.10.3
+            HELM_DOWNLOAD_SHA256[amd64]=950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2
+            HELM_DOWNLOAD_SHA256[arm64]=dca718eb68c72c51fc7157c4c2ebc8ce7ac79b95fc9355c5427ded99e913ec4c
+            ;;
         3.14)
             HELM_VERSION=3.14.0
             HELM_DOWNLOAD_SHA256[amd64]=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651
@@ -351,6 +361,32 @@ function print_kind_args() {
     printf -- "--build-arg KIND_DOWNLOAD_SHA256=%q " "${KIND_DOWNLOAD_SHA256[*]}"
 }
 
+function print_vcluster_args() {
+    declare -A VCLUSTER_DOWNLOAD_SHA256
+
+    case "$1" in
+        0.19)
+            VCLUSTER_VERSION=0.19.4
+            VCLUSTER_DOWNLOAD_SHA256[amd64]=42e2b436c333d1b914525590d928160c56529b7351b88886322f1cca3b240f10
+            VCLUSTER_DOWNLOAD_SHA256[arm64]=2f138bbfb3a57a25e7635626a80b31d248d08507d6b021aaa1a40c274282ced7
+            ;;
+        *) fail "Unknown vcluster version $1" ;;
+    esac
+
+    printf -- "--build-arg VCLUSTER_VERSION=%s " "$VCLUSTER_VERSION"
+    printf -- "--build-arg VCLUSTER_DOWNLOAD_SHA256=%q " "${VCLUSTER_DOWNLOAD_SHA256[*]}"
+}
+
+function print_helm_kubeconform_args() {
+    HELM_KUBECONFORM_VERSION="$1"
+    printf -- "--build-arg HELM_KUBECONFORM_VERSION=%s " "$HELM_KUBECONFORM_VERSION"
+}
+
+function print_awscli_args() {
+    AWSCLI_VERSION="$1"
+    printf -- "--build-arg AWSCLI_VERSION=%s " "$AWSCLI_VERSION"
+}
+
 function parse_arguments() {
     printf -- "-f Dockerfile.custom "
 
@@ -394,6 +430,9 @@ function parse_arguments() {
                 KUBECTL) print_kubectl_args $version ;;
                 HELM) print_helm_args $version ;;
                 KIND) print_kind_args $version ;;
+                VCLUSTER) print_vcluster_args $version ;;
+                AWSCLI) print_awscli_args $version ;;
+                HELM_KUBECONFORM) print_helm_kubeconform_args $version ;;
                 *) fail "Unknown tool $tool" ;;
             esac
         fi
diff --git a/scripts/lib/custom-docker.sh b/scripts/lib/custom-docker.sh
index 785317b..49d02fe 100644
--- a/scripts/lib/custom-docker.sh
+++ b/scripts/lib/custom-docker.sh
@@ -2,7 +2,7 @@
 # various variable operations used in this script.
 
 PATH_TOOLS=(DEBIAN OS UBI RUBY GOLANG RUST NODE POSTGRESQL)
-TAG_TOOLS=(BUNDLER RUBYGEMS GIT LFS CHROME YARN GRAPHICSMAGICK EXIFTOOL BAZELISK DOCKER GCLOUD KUBECTL HELM KIND)
+TAG_TOOLS=(BUNDLER RUBYGEMS GIT LFS CHROME YARN GRAPHICSMAGICK EXIFTOOL BAZELISK DOCKER GCLOUD KUBECTL HELM HELM_KUBECONFORM KIND VCLUSTER AWSCLI)
 
 # Generate the docker image path using the components that were specified via
 # variables.