Hands-On Lab: Helm from Zero to Production
π― Lab Objectives
By the end of this lab, you will:
- Create a Helm chart from scratch
- Understand every Helm component
- Deploy an app using Helm
- Override values per environment
- Perform upgrade and rollback
- Troubleshoot Helm like a DevOps engineer
π§° Prerequisites
You need:
- Kubernetes cluster (Minikube / KIND / EKS)
- kubectl
- Helm v3+
Verify:
kubectl get nodes
helm version
π§ Lab Architecture (What We Build)
We will deploy a Python Flask app using Helm.
Components:
- Deployment
- Service
- Configurable replicas
- Configurable image
- Helm release management
1οΈβ£ Install Helm (if not installed)
brew install helm
Verify:
helm version
2οΈβ£ Create a New Helm Chart
helm create flask-app
This generates:
flask-app/
βββ Chart.yaml
βββ values.yaml
βββ templates/
β βββ deployment.yaml
β βββ service.yaml
β βββ ingress.yaml
β βββ hpa.yaml
β βββ serviceaccount.yaml
β βββ _helpers.tpl
3οΈβ£ Clean the Chart (DevOps Best Practice)
Delete what we donβt need for this lab:
rm -rf flask-app/templates/ingress.yaml
rm -rf flask-app/templates/hpa.yaml
rm -rf flask-app/templates/serviceaccount.yaml
rm -rf flask-app/templates/tests
4οΈβ£ Understand Chart.yaml
Open:
flask-app/Chart.yaml
Example:
apiVersion: v2
name: flask-app
description: Helm chart for Flask application
type: application
version: 0.1.0
appVersion: "1.0"
π DevOps knowledge
-
versionβ chart version -
appVersionβ app version
5οΈβ£ Configure values.yaml
Edit:
replicaCount: 2
image:
repository: aisalkyn85/python-todo
tag: v1
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 5000
This is where DevOps config lives, not YAML templates.
6οΈβ£ Understand Helm Templates (Critical)
Open:
templates/deployment.yaml
Key lines:
replicas: {{ .Values.replicaCount }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
π Helm renders this before applying to Kubernetes.
7οΈβ£ Dry Run (MOST IMPORTANT STEP)
helm install flask ./flask-app --dry-run --debug
You should see:
- Fully rendered Kubernetes YAML
- No resources created
π₯ This is how DevOps prevents outages
8οΈβ£ Install the Application
helm install flask ./flask-app
Verify:
helm list
kubectl get pods
kubectl get svc
9οΈβ£ Access the Application
Port-forward:
kubectl port-forward svc/flask-app 5000:5000
Open browser:
http://localhost:5000
π Override Values (Production Pattern)
Create:
values-prod.yaml
replicaCount: 4
image:
tag: v2
Upgrade:
helm upgrade flask ./flask-app -f values-prod.yaml
Verify:
kubectl get pods
Pods increase β zero downtime
1οΈβ£1οΈβ£ Helm Release Management
View release status:
helm status flask
View history:
helm history flask
1οΈβ£2οΈβ£ Break It on Purpose (Rollback Lab)
Simulate bad image:
image:
tag: does-not-exist
Upgrade:
helm upgrade flask ./flask-app -f values-prod.yaml
Pods fail.
1οΈβ£3οΈβ£ Rollback (WHY HELM EXISTS)
helm rollback flask 1
Pods recover instantly.
π‘ This is the #1 reason Helm is used in production
1οΈβ£4οΈβ£ Troubleshooting Like a DevOps Engineer
Helm-level debugging
helm get values flask
helm get manifest flask
helm lint ./flask-app
Kubernetes-level debugging
kubectl describe pod
kubectl logs pod
kubectl get events
π Helm installs β Kubernetes runs.
1οΈβ£5οΈβ£ Uninstall Cleanly
helm uninstall flask
Everything removed:
- Deployments
- Services
- Release metadata
π§ What You Just Learned (Critical)
You learned:
- Helm chart structure
- values.yaml vs templates
- Install / upgrade / rollback
- Dry-run debugging
- Real DevOps workflow
π§βπ» WHO uses this in real life?
- DevOps Engineers
- Platform Teams
- SREs
Used for:
- Applications
- Monitoring stacks
- Databases
- GitOps pipelines
Production-Grade Microservice Platform with Helm
This project demonstrates that you understand:
- Helm beyond helm install
- Environment separation (dev / stage / prod)
- ConfigMaps & Secrets via Helm
- Ingress + Services
- Rolling upgrades & rollback
- Helm troubleshooting
- How DevOps actually deploy apps
This is exactly what companies expect.
ποΈ Architecture Overview
Application Stack
π Ingress
|
βββββββββββ΄ββββββββββ
| |
frontend (React) backend (Flask API)
|
PostgreSQL
All components are deployed using Helm.
π Repository Structure (VERY IMPORTANT)
This structure alone is interview-level.
helm-microservice-platform/
βββ charts/
β βββ frontend/
β β βββ Chart.yaml
β β βββ values.yaml
β β βββ templates/
β β βββ deployment.yaml
β β βββ service.yaml
β β βββ ingress.yaml
β βββ backend/
β β βββ Chart.yaml
β β βββ values.yaml
β β βββ templates/
β β βββ deployment.yaml
β β βββ service.yaml
β β βββ configmap.yaml
β β βββ secret.yaml
β βββ database/
β βββ Chart.yaml
β βββ values.yaml
β βββ templates/
β βββ statefulset.yaml
β βββ service.yaml
β βββ pvc.yaml
βββ environments/
β βββ dev/
β β βββ frontend-values.yaml
β β βββ backend-values.yaml
β β βββ db-values.yaml
β βββ prod/
β β βββ frontend-values.yaml
β β βββ backend-values.yaml
β β βββ db-values.yaml
βββ README.md
π Core DevOps Concepts Demonstrated
1οΈβ£ Helm as an Application Manager
- Each service = separate chart
- Independent upgrades
- Independent rollbacks
2οΈβ£ Environment Separation (CRITICAL)
Example:
helm upgrade --install backend charts/backend \
-f environments/prod/backend-values.yaml
Same chart β different behavior β no duplication
3οΈβ£ ConfigMaps via Helm (Backend)
apiVersion: v1
kind: ConfigMap
metadata:
name: backend-config
data:
DB_HOST: {{ .Values.database.host }}
DB_PORT: "{{ .Values.database.port }}"
Injected into pods:
envFrom:
- configMapRef:
name: backend-config
4οΈβ£ Secrets via Helm (Safe Handling)
apiVersion: v1
kind: Secret
metadata:
name: backend-secret
type: Opaque
stringData:
DB_PASSWORD: {{ .Values.database.password }}
π Explain in interviews:
Helm renders secrets but Kubernetes encrypts them at rest.
5οΈβ£ Stateful Database via Helm
Database chart uses:
- StatefulSet
- PVC
- Headless Service
This proves you understand:
- Stateful workloads
- Storage
- Helm + databases
6οΈβ£ Ingress Controlled by Helm
hosts:
- host: app.prod.example.com
paths:
- /
Ingress is:
- Environment-specific
- Configurable
- Versioned
π Deployment Workflow (REAL LIFE)
Initial install (dev)
helm install frontend charts/frontend -f environments/dev/frontend-values.yaml
helm install backend charts/backend -f environments/dev/backend-values.yaml
helm install db charts/database -f environments/dev/db-values.yaml
Upgrade backend only
helm upgrade backend charts/backend -f environments/prod/backend-values.yaml
Rollback broken release
helm rollback backend 2
π₯ This is production-grade behavior
π§ͺ Failure & Troubleshooting Scenarios (INTERVIEW GOLD)
Scenario 1: Bad image pushed
- Pods CrashLoopBackOff
- Helm upgrade fails
- Rollback restores service instantly
Explain:
Helm protects Kubernetes deployments from bad releases.
Scenario 2: Wrong env variable
helm get manifest backend
kubectl describe pod
Explain:
Always inspect rendered YAML, not templates.
Scenario 3: DB not reachable
- Check ConfigMap
- Check Service DNS
- Check StatefulSet ordering
π§ What Interviewers LOVE About This Project
You can confidently say:
βI built a multi-service Helm platform with environment separation, database state management, Ingress routing, configuration via values files, and rollback-safe deployments.β
That sentence alone is senior-level.
𧩠Optional Advanced Add-Ons (Next Level)
You can extend this project with:
- Helm + Argo CD
- Helm hooks (pre-install DB migration)
- Helm tests
- External Secrets (AWS Secrets Manager)
- CI/CD pipeline deploying Helm
- Helm chart versioning strategy
π Why This Project Is βBetterβ
| Toy Helm Lab | This Project |
|---|---|
| Single chart | Multi-chart platform |
| No envs | Dev / Prod separation |
| No secrets | Secure config |
| No DB | Stateful workloads |
| No rollback | Real failure handling |
| Demo-only | Resume-ready |
Top comments (0)