Helm
Helm is the package manager for Kubernetes. Instead of managing dozens of individual YAML files, you install a chart — a pre-packaged set of Kubernetes resources — and customize it with values.
Key Concepts
Section titled “Key Concepts”- Chart — A collection of templates and defaults that describe a set of Kubernetes resources (e.g. a deployment, service, configmap, ingress).
- Release — A specific instance of a chart installed in a cluster. You can install the same chart multiple times with different names.
- Values — Configuration you pass to customize a chart (replicas, image tag, resource limits, etc.).
- Repository — A place where charts are stored and shared (like npm for Node or PyPI for Python).
Common Commands
Section titled “Common Commands”Add a Repository
Section titled “Add a Repository”helm repo add bitnami https://charts.bitnami.com/bitnamihelm repo updateSearch for Charts
Section titled “Search for Charts”helm search repo nginxhelm search hub prometheus # search Artifact HubInstall a Chart
Section titled “Install a Chart”helm install my-nginx bitnami/nginxThis creates a release named my-nginx using the bitnami/nginx chart with default values.
Custom Values
Section titled “Custom Values”Override defaults with --set or a values file:
helm install my-nginx bitnami/nginx --set replicaCount=3
helm install my-nginx bitnami/nginx -f my-values.yamlExample my-values.yaml:
replicaCount: 3service: type: LoadBalancerresources: limits: cpu: 200m memory: 256MiList Releases
Section titled “List Releases”helm listhelm list -A # all namespacesUpgrade a Release
Section titled “Upgrade a Release”helm upgrade my-nginx bitnami/nginx --set replicaCount=5helm upgrade my-nginx bitnami/nginx -f my-values.yamlRollback
Section titled “Rollback”helm rollback my-nginx 1 # roll back to revision 1helm history my-nginx # see all revisionsUninstall
Section titled “Uninstall”helm uninstall my-nginxChart Structure
Section titled “Chart Structure”A chart is a directory with this layout:
my-chart/ Chart.yaml # name, version, description values.yaml # default configuration charts/ # sub-charts (dependencies) templates/ # Kubernetes manifest templates deployment.yaml service.yaml ingress.yaml _helpers.tpl # reusable template snippets NOTES.txt # post-install message shown to userWhen you run helm install, Helm renders every file in templates/ using Go templating, merges your values with the defaults, and applies the resulting YAML to the cluster. For the full guide on writing templates, value injection methods, and where values come from in production, see Helm Templating.
When to Use Helm
Section titled “When to Use Helm”- Third-party software — Installing Prometheus, NGINX, PostgreSQL, etc. Most have official Helm charts.
- Repeatable deployments — Same app deployed to dev, staging, prod with different values files.
- Versioned releases — Helm tracks revisions so you can roll back if something breaks.
- Your own apps — Once you have more than a few manifests, templatizing them into a chart avoids copy-paste across environments.
Limitations and Pitfalls
Section titled “Limitations and Pitfalls”- Helm 3 vs 2 — Helm 3 has no Tiller; releases are namespace-scoped by default and upgrades use a three-way merge (live state vs last release vs new chart). Understand unexpected retained fields after
kubectl editoutside Helm. - Hooks and ordering — pre/post hooks and CRD install jobs can fail or run in surprising order; upgrades may leave resources half-applied. Test upgrades in staging.
- Subcharts and versions — Dependency version pins in
Chart.yaml/ lock files; transitive chart upgrades are easy to get wrong (“subchart hell”). - Opaque upstream charts — Huge community charts hide complexity; values surface only part of the behavior — use
helm templateand diff tools before prod. - GitOps + Helm — Drift when someone runs
kubectloutside the pipeline; Argo CD / Flux reconcile rendered manifests — align who owns release vs sync. - Secrets in values — Plaintext in
values.yamlis a git and shell history risk; prefer Sealed Secrets, SOPS, External Secrets, or CI-injected values (see Helm Templating secrets section). - Debugging —
helm template/helm get manifestto see rendered YAML; compare with cluster objects when “Helm says success but app broken.”
For when operators or GitOps fit better, see Helm, operators, and GitOps.
Key Takeaways
Section titled “Key Takeaways”- Helm = charts (packages) + values (config) + releases (instances).
helm installto deploy,helm upgradeto update,helm rollbackto revert.- Use values files (
-f values.yaml) for environment-specific config instead of long--setchains. - For Go templating syntax, built-in objects, named templates, and value sources, see Helm Templating.