AgentSkillsCN

helm-chart-builder

为Kubernetes应用构建生产就绪的Helm图表。在创建新图表、重构现有图表、添加Ingress/Gateway API/依赖项等功能,或遵循Helm最佳实践时使用此功能。

SKILL.md
--- frontmatter
name: helm-chart-builder
description: Build production-ready Helm charts for Kubernetes applications. Use when creating new charts, refactoring existing charts, adding features like Ingress/Gateway API/dependencies, or following Helm best practices.

Helm Chart Builder

Build production-ready Helm charts with standard patterns for:

  • Multi-tier web applications
  • API services with caching (Redis/Valkey)
  • Stateful services with persistence

Quick Start

Create New Chart

bash
helm create my-chart
cd my-chart

# Remove example files
rm -rf templates/tests/* templates/NOTES.txt templates/ingress.yaml
rm -rf templates/hpa.yaml templates/serviceaccount.yaml

Apply Standard Structure

Copy templates from assets/templates/:

FilePurpose
_helpers.tplStandard helper functions
deployment.yamlFull-featured deployment with probes
service.yamlClusterIP/NodePort/LoadBalancer support
serviceaccount.yamlService account for pod identity
configmap.yamlNon-sensitive environment variables
secret.yamlSensitive configuration
ingress.yamlIngress with TLS support
httproute.yamlGateway API HTTPRoute support
pvc.yamlPersistent volume claim for storage
hpa.yamlHorizontal pod autoscaling
NOTES.txtPost-install instructions

Chart Structure

code
my-chart/
├── Chart.yaml           # Metadata + dependencies
├── values.yaml          # Default configuration
├── .helmignore          # Build exclusions
└── templates/
    ├── _helpers.tpl     # Template helpers
    ├── deployment.yaml  # Main workload
    ├── service.yaml     # Service exposure
    ├── serviceaccount.yaml  # Service account (optional)
    ├── configmap.yaml   # Env vars (non-sensitive)
    ├── secret.yaml      # Env vars (sensitive)
    ├── ingress.yaml     # Ingress (optional)
    ├── httproute.yaml   # Gateway API (optional)
    ├── pvc.yaml         # Persistence (optional)
    ├── hpa.yaml         # Autoscaling (optional)
    └── NOTES.txt        # User instructions

Core Templates

1. Deployment Template

Key features to include:

  • Labels and selectors using helpers
  • ConfigMap/Secret checksum for rollout triggers
  • Three probe types: startup, liveness, readiness
  • Resource limits and requests
  • Security contexts
  • Volume mounts for persistence

See assets/templates/deployment.yaml

2. Service Template

Support three types:

  • ClusterIP (default)
  • NodePort
  • LoadBalancer

3. Config Management

Separate sensitive and non-sensitive:

yaml
# values.yaml
env:      # -> ConfigMap (non-sensitive)
  LOG_LEVEL: info
  PORT: 3000

secrets:  # -> Secret (base64 encoded)
  API_KEY: ""
  DATABASE_URL: ""

Reference deployment to inject:

yaml
envFrom:
  - configMapRef:
      name: {{ include "chart.fullname" . }}-config
  - secretRef:
      name: {{ include "chart.fullname" . }}-secret

4. Ingress Support

Standard Ingress + Gateway API HTTPRoute:

yaml
# values.yaml
ingress:
  enabled: false
  className: nginx
  hosts: []
  tls: []

httpRoute:
  enabled: false
  parentRefs: []
  hostnames: []

Best Practices

Values.yaml Organization

yaml
# 1. Base configuration
replicaCount: 1
image:
  repository: app
  tag: ""
  pullPolicy: IfNotPresent

# 2. Service configuration
service:
  type: ClusterIP
  port: 80

# 3. Networking
ingress:
  enabled: false
  # ...

httpRoute:
  enabled: false
  # ...

# 4. Storage
persistence:
  enabled: false
  size: 1Gi
  storageClass: ""

# 5. Resources and scaling
resources: {}
autoscaling:
  enabled: false
  # ...

# 6. Application-specific
env: {}
secrets: {}

Naming Conventions

Use standard helpers in _helpers.tpl:

yaml
{{- define "chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{- define "chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{- define "chart.labels" -}}
helm.sh/chart: {{ include "chart.chart" . }}
{{ include "chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{- define "chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

Dependencies

Add to Chart.yaml:

yaml
dependencies:
  - name: valkey
    version: ~2.0.0
    repository: https://valkey-io.github.io/valkey-helm
    condition: valkey.enabled

Testing

bash
# Template validation
helm template my-release ./my-chart

# Dry run
helm install --dry-run --debug my-release ./my-chart

# Lint
helm lint ./my-chart

Common Patterns

Pattern: Auto-detect Internal Dependency Host

yaml
# deployment.yaml
env:
  {{- if .Values.valkey.enabled }}
  - name: REDIS_HOST
    value: "{{ .Release.Name }}-valkey"
  {{- end }}

Pattern: Conditional Resource Creation

yaml
# Only create if enabled AND not existing
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
...
{{- end }}

Pattern: Rollout Trigger on Config Change

yaml
annotations:
  checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
  checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}

References