Why Helm Best Practices Matter
Helm is the de facto package manager for Kubernetes, used by 70%+ of organizations. But with great power comes great responsibility — poorly structured Helm charts are a leading cause of configuration drift and deployment failures.
Chart Structure Best Practices
1. Follow the Standard Directory Layout
mychart/
Chart.yaml # Chart metadata
values.yaml # Default configuration
values-prod.yaml # Production overrides
templates/
deployment.yaml
service.yaml
ingress.yaml
_helpers.tpl # Template helpers
NOTES.txt # Post-install notes
tests/
test-connection.yaml
2. Use Semantic Versioning
Follow SemVer for chart versions:
- Major: Breaking changes to values.yaml
- Minor: New features, backward compatible
- Patch: Bug fixes only
3. Document All Values
Every value in values.yaml should have a comment explaining its purpose, type, and default.
Template Best Practices
4. Use Named Templates
Define reusable template snippets in _helpers.tpl.
5. Always Set Resource Requests and Limits
Never deploy without resource constraints.
6. Use Liveness and Readiness Probes
Every deployment should have health checks.
Security Best Practices
7. Run as Non-Root
Always set securityContext.runAsNonRoot: true.
8. Use Image Digests
Pin images to SHA256 digests instead of mutable tags.
9. Scan Charts for Vulnerabilities
Use tools like helm lint, kubeconform, and polaris to validate charts.
Deployment Best Practices
10. Use Helm Hooks Wisely
Hooks for database migrations, pre-install checks, and cleanup.
11. Implement Rollback Strategy
Always test rollback before deploying to production.
12. Store Charts in a Private Registry
Use Harbor, Nexus, or cloud-native registries.
How SRExpert Helps with Helm
SRExpert provides a built-in Helm chart browser with 1-click installation, version management, and rollback capabilities. Browse repositories, compare versions, and deploy with confidence — all from a unified dashboard.