Helm
The helm resource deploys Helm charts to Kubernetes clusters. It supports charts from remote repositories, local directories, or Git references, with comprehensive configuration options for values, namespaces, and health checks.
Use Cases
Section titled “Use Cases”As a lab author, you can use helm resources to:
- Application Deployment: Deploy microservices, web applications, and API services using production-ready Helm charts
- Chart Customization: Override Helm chart values to customize deployments for specific lab requirements and configurations
Helm resources enable rapid deployment of complex Kubernetes applications with industry-standard configurations and best practices.
HCL Syntax
Section titled “HCL Syntax”Basic Syntax
Section titled “Basic Syntax”resource "helm" "name" { cluster = resource.k8s_cluster.main chart = "nginx"
repository { name = "bitnami" url = "https://charts.bitnami.com/bitnami" }}Full Syntax
Section titled “Full Syntax”resource "helm" "name" { cluster = resource.k8s_cluster.production
chart = "vault" version = "0.25.0" namespace = "vault" create_namespace = true
repository { name = "hashicorp" url = "https://helm.releases.hashicorp.com" }
values = "./values/vault-values.yaml" values_string = { "server.ha.enabled" = "true" "server.ha.replicas" = "3" "ui.enabled" = "true" }
skip_crds = false retry = 3 timeout = "300s"
health_check { timeout = "120s" pods = [ "app.kubernetes.io/name=vault", "app.kubernetes.io/instance=vault" ] }}Fields
Section titled “Fields”| Field | Required | Type | Description |
|---|---|---|---|
cluster | ✓ | reference to kubernetes_ | Reference to a Kubernetes cluster resource |
chart | ✓ | string | Chart name or path (repository chart, local path, or Git URL) |
version | string | Semver version of the chart (repository charts only). Defaults to latest. | |
namespace | string | Kubernetes namespace for deployment. Defaults to “default”. | |
create_ | bool | Create namespace if it doesn’t exist. Defaults to false. | |
repository | block | Remote repository configuration | |
values | string | Path to YAML values file | |
values_string | map(string) | Inline values as key-value pairs. Defaults to empty map. | |
skip_crds | bool | Skip installation of Custom Resource Definitions. Defaults to false. | |
retry | number | Number of retry attempts on failure. Defaults to 0. | |
timeout | string | Maximum time for chart installation. Defaults to “300s”. | |
health_check | block | Kubernetes health check configuration |
Repository Block
Section titled “Repository Block”helm → repository
Configures remote Helm chart repositories for downloading charts.
| Field | Required | Type | Description |
|---|---|---|---|
name | ✓ | string | Repository name |
url | ✓ | string | Repository URL |
Health Check Block
Section titled “Health Check Block”helm → health_check
Post-deployment health verification configuration.
| Field | Required | Type | Description |
|---|---|---|---|
timeout | ✓ | string | Health check timeout duration |
pods | ✓ | list(string) | Kubernetes selectors for pods to monitor |
Validation Rules
Section titled “Validation Rules”- Chart paths are made absolute relative to the config file location
- Values file paths are made absolute relative to the config file location
- Referenced cluster must exist and be healthy
- Repository URL must be valid if specified
- Timeout values must be valid Go duration strings
- Health check selectors must use valid Kubernetes label syntax
Examples
Section titled “Examples”Simple Chart from Repository
Section titled “Simple Chart from Repository”resource "k8s_cluster" "dev" { network { id = resource.network.main }}
resource "helm" "nginx" { cluster = resource.k8s_cluster.dev chart = "nginx"
repository { name = "bitnami" url = "https://charts.bitnami.com/bitnami" }
values_string = { "service.type" = "ClusterIP" "replicaCount" = "2" }}Chart with External Values File
Section titled “Chart with External Values File”resource "helm" "wordpress" { cluster = resource.k8s_cluster.web chart = "wordpress" version = "15.2.0" namespace = "wordpress" create_namespace = true
repository { name = "bitnami" url = "https://charts.bitnami.com/bitnami" }
values = "./values/wordpress-production.yaml"
values_string = { "wordpressPassword" = "secure-password" "mariadb.auth.rootPassword" = "root-password" }
health_check { timeout = "300s" pods = ["app.kubernetes.io/name=wordpress"] }}Local Chart Directory
Section titled “Local Chart Directory”resource "helm" "custom_app" { cluster = resource.k8s_cluster.dev chart = "./charts/my-application" namespace = "apps" create_namespace = true
values_string = { "image.tag" = "latest" "service.port" = "8080" }
health_check { timeout = "120s" pods = ["app=my-application"] }}High Availability Setup
Section titled “High Availability Setup”resource "helm" "vault" { cluster = resource.k8s_cluster.production chart = "vault" version = "0.25.0" namespace = "vault-system" create_namespace = true
repository { name = "hashicorp" url = "https://helm.releases.hashicorp.com" }
values = "./config/vault-ha.yaml"
values_string = { "server.ha.enabled" = "true" "server.ha.replicas" = "3" "server.ha.raft.enabled" = "true" "ui.enabled" = "true" "ui.serviceType" = "LoadBalancer" "server.resources.requests.memory" = "256Mi" "server.resources.requests.cpu" = "250m" }
retry = 3 timeout = "600s"
health_check { timeout = "300s" pods = [ "app.kubernetes.io/name=vault", "component=server" ] }}Chart from Git Repository
Section titled “Chart from Git Repository”resource "helm" "git_chart" { cluster = resource.k8s_cluster.dev chart = "git+https://github.com/my-org/helm-charts.git//charts/myapp?ref=v1.0.0" namespace = "development" create_namespace = true
values_string = { "environment" = "dev" "debug" = "true" }
health_check { timeout = "180s" pods = ["app=myapp"] }}Multiple Charts with Dependencies
Section titled “Multiple Charts with Dependencies”# Databaseresource "helm" "postgresql" { cluster = resource.k8s_cluster.app chart = "postgresql" version = "12.1.0" namespace = "database" create_namespace = true
repository { name = "bitnami" url = "https://charts.bitnami.com/bitnami" }
values_string = { "auth.postgresPassword" = "postgres-password" "auth.database" = "myapp" }
health_check { timeout = "120s" pods = ["app.kubernetes.io/name=postgresql"] }}
# Redis Cacheresource "helm" "redis" { cluster = resource.k8s_cluster.app chart = "redis" version = "17.3.0" namespace = "cache" create_namespace = true
repository { name = "bitnami" url = "https://charts.bitnami.com/bitnami" }
values_string = { "auth.enabled" = "false" "master.persistence.enabled" = "true" }
health_check { timeout = "90s" pods = ["app.kubernetes.io/name=redis"] }}
# Application (depends on database and cache)resource "helm" "myapp" { depends_on = [ resource.helm.postgresql, resource.helm.redis ]
cluster = resource.k8s_cluster.app chart = "./charts/myapp" namespace = "application" create_namespace = true
values_string = { "database.host" = "postgresql.database.svc.cluster.local" "database.name" = "myapp" "cache.host" = "redis.cache.svc.cluster.local" "replicas" = "3" }
health_check { timeout = "180s" pods = ["app=myapp"] }}Values File Examples
Section titled “Values File Examples”Example values.yaml for production
Section titled “Example values.yaml for production”replicaCount: 3
image: repository: myapp/webapp tag: "1.2.0" pullPolicy: Always
service: type: LoadBalancer port: 80 targetPort: 8080
resources: limits: cpu: 500m memory: 512Mi requests: cpu: 250m memory: 256Mi
autoscaling: enabled: true minReplicas: 3 maxReplicas: 10 targetCPUUtilizationPercentage: 70
ingress: enabled: true className: "nginx" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" hosts: - host: webapp.example.com paths: - path: / pathType: Prefix tls: - secretName: webapp-tls hosts: - webapp.example.comIntegration with Other Resources
Section titled “Integration with Other Resources”With Service Resources
Section titled “With Service Resources”resource "helm" "api" { cluster = resource.k8s_cluster.app chart = "api" namespace = "default"
repository { name = "mycompany" url = "https://charts.mycompany.com" }}
resource "service" "api" { name = "api" port = 8080
target { resource = resource.k8s_cluster.app named_port = "http" config = { selector = "app=api" } }}With Ingress Resources
Section titled “With Ingress Resources”resource "ingress" "web" { port = 80
target { resource = resource.k8s_cluster.app named_port = "http" config = { selector = "app.kubernetes.io/name=webapp" } }}Best Practices
Section titled “Best Practices”- Version Pinning: Always specify chart versions in production environments
- Namespace Isolation: Use dedicated namespaces for different applications
- Values Management: Store complex values in external YAML files
- Health Checks: Configure appropriate health checks for critical applications
- Resource Limits: Set CPU and memory limits in chart values
- Secrets Management: Use Kubernetes secrets or external secret management
- Retry Logic: Enable retries for network-dependent installations
- Timeout Configuration: Set appropriate timeouts for complex charts