Master Helm, the package manager for Kubernetes/OpenShift, in this comprehensive one-day course. Learn to create, manage, and deploy applications using Helm charts, understand chart templating, repository management, and best practices for Kubernetes deployments. Perfect for DevOps engineers and Kubernetes administrators looking to streamline their container orchestration workflow.

Students must be familiar with using kubernetes and should have an understanding of the basic kubernetes objects such as nodes, pods, deployments and services. Students should also be familiar with Yaml. We recommend students to follow our Core Kubernetes course before attending this course.

Welcome to the Ultimate Helm Course

Dive into the world of Kubernetes with our comprehensive one-day Helm course, designed to empower you with the skills and knowledge needed to excel using Helm. Whether you're using Helm in vanilla Kubernetes, AWS EKS, Azure AKS, or OKD/OpenShift, this course has you covered.

Why Choose Our Course?

• Hands-On Learning: We use OKD (the OpenShift upstream project) for all demos and labs, ensuring you get practical experience that translates seamlessly to any Kubernetes environment.
• Comprehensive Coverage: From the basics to advanced topics, we cover everything you need to know about Helm. Master Go Templating, chart development, repository management, and best practices for Kubernetes deployments.
• Security and Best Practices: We don't just teach you how to use Helm; we also emphasize security and vulnerability scanning concepts to ensure your deployments are robust and secure. Learn about chart signing, provenance files, and secure publishing to OCI registries.
• Real-World Applications: Gain practical experience with GitOps and implement CI/CD pipelines for automated testing, signing, and publishing of Helm charts.
• Industry-Standard Techniques: Develop production-grade Helm charts from scratch, implement advanced templating techniques, and learn how to manage dependencies and subcharts effectively.

Introduction to Helm

• Introduction to Helm
• Understanding Helm concepts (charts, subcharts, releases, …)
• Compare with Kustomize and discuss use cases for each
• Use Helm with Kustomize (helmCharts)
• Role of Helm in GitOps
• Understanding Helm Architecture
• Understanding Helm concepts (charts, releases, values, …)
• Introduce Chart repositories and OCI registries
• Using Artifact Hub (web and cli)
• Explore the helm tooling and the helm cli
• Use Helm environment variables
• Release management and release history
• Using different storage backends/helm drivers (sql/PostgreSQL/…)
• Managing release retention

Using Helm

In this hands-on lab, students systematically work through releasing different Charts while exploring various value configurations.

Helm Repositories

• Compare different repository formats and their use cases
• Overview of traditional Chart Repositories (HTTP/HTTPS) repository format
• Using OCI Registries (Open Container Initiative) repository format
• Finding charts
• Collecting information about a chart (values, helm source, metadata)
• Chart verification and security scanning using Provenance files

Use Charts to create Releases

• Installing and configuring releases
• Appreciate and leverage Chart SemVer Versioning
• Explore various ways to provide Values and overriding/unset defaults
• Providing complex values using cli (lists/arrays, objects/dict, null, …)
• Managing CRDs
• Using values JSON Schemas
• Understand Subcharts and global values
• Understand and run tests
• Managing the lifecycle of a release
• Rolling out new versions and checking compatability
• Tips on working with Charts
• Rollback strategies and version control
• Upgrading and downgrading releases

Developing and publishing Charts

In this major hands-on lab, participants will develop a comprehensive production-grade Helm chart from scratch. Through guided exercises, you'll implement advanced templating techniques, control structures, named templates, conditional dependencies, and library chart integrations. You'll gain practical experience with cluster introspection, file inclusion patterns, and industry-standard unit testing approaches. This foundational lab reinforces core Helm concepts while teaching real-world best practices for chart development. This lab prepares you to develop and maintain complex Helm charts for enterprise applications.

Defining Charts

• Understand the structure of a chart

• Discuss the un/installation order and means to manage this

• Using and writing scaffold starters

• Defining the chart.yaml manifest

• Deprecating charts (or specific versions)

• Documentation best practices

• Discuss naming strategies for values

• Defining JSON Schemas

• Discuss various CRD scenarios

• Introduction to template directives

• Use and overview of unit tests

• Using other 3rd party tools to aid development

• Development troubleshooting techniques (lint, dry-run, debug, local rendering, …) Chart validation and linting

Dependencies

• Link to Dependencies and sub-charts
• Explore legacy requirements.yaml
• Appreciate the Chart.lock file (and manage dependencies using the cli)
• Understand when to alias dependencies
• Define Conditional dependencies
• use import values to "export" values

Templating

• Introducing Go Templating

• Discuss Security considerations in templating

• Define the action syntax

• Introduce data evaluations and control structrues

• Understand the context cursor/ and dot-operator

• Understanding variables and values (and their scopes)

• Use built-in objects/data structures (e.g, .Chart, .Values, … .Capabilities, .Files, …)

• Understand the concept of action pipelines

• Introduce and use arguments (accessing fields, variables, literal values)

• Appreciate Sprig (templating functions)

• Working with functions and pipelines

• Discuss key functions for logic, strings, dict, lists, …

• Managing whitespace control and formatting

• Introduce flow control (if/else, with, range)

• Understand the concepts of empty, true, false, nil

• Find objects in the target cluster (lookup and .Capabilities)

• Using it-else for conditional templating

• Using with-else to define context and null-safety

• Using range with lists and dicts

• Use one or two range variables

• Accessing Files (for scripts, configmaps, scripts, …)

• Using files and the tpl function

Named Templates

• IntoNamed templates and template
• Understand the difference between include and template
• Passing data to templates
• Define validation and required template input
• Using named templates as functions
• Best practices and common patterns
• Conditional logic and template optimization
• Develop and use library charts and helper templates

Hooks

In the hands-on part, participants will implement Helm hooks to manage database migrations for their previously developed application chart. This practical exercise covers creating multiple hook resources, controlling their execution order, and templating SQL migration scripts. The lab demonstrates how hooks can be used effectively to automate jobs during application deployments and updates.

• Introduce Chart hooks
• List different hooks (e.g, pre/post-install, …)\
• Discuss hook use-cases (migration/backup jobs, notifications, …)
• Using hooks on non-pod/job Kubernetes Manifests
• Understand the role of hooks in Chart lifecycle management
• Influence hook order
• Manage hook retention and delete hooks
• Writing tests using hooks

Package, Signing and Publishing

During the lab at the end of this session, students gain hands-on experience with Helm chart security by packaging their previously developed chart and signing it using OpenPGP cryptographic signatures. Students will learn production-grade security practices including working with private OCI container registries, managing access credentials, implementing chart signing and verification, and securely publishing charts to secured registries. The lab covers enterprise security requirements for production Helm deployments.

• Creating chart package
• Managing versions of your package
• Publishing to *Helm Repository
• List *Helm Repository solutions and how to manage them (e.g ChartMuseum, GitHub Pages)
• Publishing to OCI Registry
• Helm Registries/OCI Repositories and authentication
• Using up Private OCI Repositories
• Signing Chart Packaging and publishing Provenance Files

Devops

Helm and GitOps

In this hands-on lab, participants will use GitOps (ArgoCD) to automate deployments of Helm charts from both Chart repositories and Git repositories, demonstrating real-world GitOps practices. You'll put into practice essential GitOps patterns .

While the lab focuses on ArgoCD, we include a thorough recap of ArgoCD concepts in this session. This ensures that students unfamiliar with ArgoCD can follow along and successfully complete the lab.

• Using Helm in GitOps
• Using helm in Flux (HelmRepository/HelmRelease)
• Different ways of how ArgoCD uses helm
• Registering and managing ArgoCD Repositories for helm
• Define an ArgoCD Application to release Charts in a Registry/Repository
• Using Chart in Git repos as an alternative to kustomize
• Managing values for Chart releases in ArgoCD

Helm CI/CD

This hands-on lab part provides practical experience with CI/CD for Helm charts using Tekton Pipelines. Participants will build a complete pipeline that performs unit testing, security vulnerability scanning, digital signing, and publication of a Helm chart from a Git repository.

While we use Tekton Pipelines during this section, we’ve included a comprehensive recap of key Tekton Pipeline concepts (Task, Pipeline, PipelineRun etc). This ensures that students unfamiliar with Tekton can follow along successfully. OpenShift users should note that Tekton is the upstream project for OpenShift Pipelines, making these concepts directly applicable.

• Discuss CI/CD pipelines requirements for Helm
• Using tekton tasks to pull Charts from Git
• Include Chart verification steps (linting, manifest validation, unit tests, vulnerability scanning)
• Package and Sign Charts in a pipeline
• Dealing with access control in pipelines