Writing YAML manifests for every Kubernetes deployment by hand is tedious and error-prone. Helm promises templating, versioning, and sharing of Kubernetes configurations. After a month of use, we share our experience.
The Problem Helm Solves
A typical application in Kubernetes needs a Deployment, Service, ConfigMap, Secret, Ingress, PersistentVolumeClaim… That’s easily 200+ lines of YAML. And when you have ten environments (dev, staging, production × clients), you start copy-pasting and quickly lose track.
Helm introduces the concept of a chart — a package of templates with parameters. One chart, different values for different environments. Versioned, shareable, testable.
Helm 2 Architecture
Helm 2 has two components: helm (CLI client) and Tiller (server-side component running in the cluster). Tiller holds the state of releases and applies changes to the cluster.
Tiller is controversial — it runs with cluster-admin privileges and is a potential security risk. We address this with TLS certificates and namespace-scoped Tiller instances.
$ helm init --tiller-tls --tiller-tls-verify
$ helm install stable/prometheus \
    --name monitoring \
    --namespace observability \
    --values prod-values.yaml
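The namespace-scoped Tiller setup mentioned above, as an added example that is not from the original post: RBAC that binds Tiller's service account to a Role in a single namespace instead of cluster-admin. The namespace `team-a` and the names `tiller-manager` and `tiller-binding` are assumptions.

```yaml
# Added example, not from the original post. Namespace "team-a" and the
# names "tiller-manager" / "tiller-binding" are assumptions.
#
# Weak setup this replaces: one Tiller whose service account is bound to
# the cluster-admin ClusterRole, so any client that can talk to Tiller
# can change anything in the cluster:
#   kind: ClusterRoleBinding
#   roleRef:  { kind: ClusterRole, name: cluster-admin }
#   subjects: [{ kind: ServiceAccount, name: tiller, namespace: kube-system }]
#
# Scoped setup: Tiller runs in team-a and can only manage team-a.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: team-a
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tiller-manager
  namespace: team-a
rules:
  # Namespaced resources only. ConfigMaps must stay included, because
  # Tiller stores release state as ConfigMaps in its own namespace.
  - apiGroups: ["", "apps", "batch", "extensions"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tiller-binding
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tiller-manager
# Start this Tiller with the scoped account and target it explicitly:
#   helm init --service-account tiller --tiller-namespace team-a
#   helm install <chart> --tiller-namespace team-a --namespace team-a
# Charts that create cluster-scoped objects (ClusterRole, CRDs) will be
# rejected by this Tiller; that is the intended boundary.
```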
Our First Custom Chart
We created a generic chart for Java microservices. It’s parameterized by image name, replicas, resource limits, environment variables, and ingress host. One chart for all our Spring Boot services.
myapp-chart/
    Chart.yaml            # metadata
    values.yaml           # default values
    templates/
        deployment.yaml   # Go template
        service.yaml
        ingress.yaml
        configmap.yaml
Stable Repository — Community Treasures
Helm has an official repository of stable charts. Prometheus, Grafana, nginx-ingress, Jenkins, Redis, PostgreSQL — all ready to deploy. Quality varies, but as a starting point for customization, it’s excellent.
Lessons Learned
- Version your charts — semantic versioning, like libraries
- Your own chart repository — ChartMuseum for internal charts
- Helm test — write tests for your charts
- Lint — helm lint catches a lot of errors before deploy
- Dry run — helm install --dry-run --debug to review generated manifests
Helm Is a Must-Have for Kubernetes
Without Helm, we’d drown in YAML manifests. Tiller isn’t perfect and the security model has gaps, but the productivity Helm delivers is enormous. We’re following the discussions about Helm 3, which should remove Tiller entirely.