Implementing Base Helm Charts for Standardized Kubernetes Deployments

The Challenge

In a growing organization with multiple development teams deploying services to Kubernetes, maintaining consistent deployment practices while allowing for service-specific customization can be challenging. Each team might:

  • Create their own Helm charts from scratch
  • Implement different security practices
  • Use varying resource configurations
  • Handle environment-specific settings differently
  • Miss important Kubernetes updates or best practices

The Solution: Base Helm Charts

We implemented a Base Helm Chart strategy that provides a standardized foundation for all service deployments while maintaining flexibility for team-specific needs. This approach allows the DevOps team to:

  • Maintain and update deployment best practices centrally
  • Roll out security improvements across all services
  • Standardize resource management and monitoring
  • Handle Kubernetes version upgrades consistently
  • Provide new features to all services automatically

Implementation Details

Chart Structure

# Base Chart (base-chart/)
Chart.yaml
values.yaml
templates/
  deployment.yaml
  service.yaml
  ingress.yaml
  hpa.yaml
  pdb.yaml
  network-policy.yaml
  service-account.yaml
  # ... other common resources

# Service Chart (my-service/)
Chart.yaml
values.yaml
values-dev.yaml
values-staging.yaml
values-prod.yaml

Chart Dependencies

# Service Chart.yaml
dependencies:
  - name: base-chart
    version: "1.2.3"
    repository: "https://helm.mycompany.com"

Environment-Specific Overrides

# values-dev.yaml
replicaCount: 1
resources:
  requests:
    memory: "256Mi"
    cpu: "100m"

# values-prod.yaml
replicaCount: 3
resources:
  requests:
    memory: "1Gi"
    cpu: "500m"

Key Features

1. Standardized Best Practices

  • Consistent security configurations
  • Standard resource requests and limits
  • Uniform monitoring and logging setup
  • Common network policies
  • Standardized health checks

2. Environment Management

  • Environment-specific value overrides
  • Gradual rollout capabilities
  • Consistent configuration across environments
  • Simplified environment promotion

3. Developer Experience

  • Minimal YAML required from development teams
  • Clear documentation of available options
  • Easy to understand value overrides
  • Quick start templates for new services

4. DevOps Control

  • Centralized updates to deployment patterns
  • Automated security patch distribution
  • Consistent Kubernetes version management
  • Standardized monitoring and alerting

Example Usage

Service Chart Values

# my-service/values.yaml
image:
  repository: my-service
  tag: latest

service:
  port: 8080
  type: ClusterIP

ingress:
  enabled: true
  host: my-service.mycompany.com

# Override any base chart defaults
resources:
  requests:
    memory: "512Mi"
    cpu: "200m"

Environment-Specific Overrides

# my-service/values-prod.yaml
replicaCount: 3
resources:
  requests:
    memory: "1Gi"
    cpu: "500m"
  limits:
    memory: "2Gi"
    cpu: "1000m"

ingress:
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"

Benefits

  1. Reduced Complexity - Development teams focus on service-specific configuration, minimal YAML to maintain, clear separation of concerns
  2. Improved Security - Centralized security updates, consistent security policies, automated security patch distribution
  3. Better Maintainability - Single source of truth for deployment patterns, easier Kubernetes version upgrades, simplified troubleshooting
  4. Enhanced Developer Experience - Quick service deployment, clear documentation, reduced learning curve
  5. Operational Excellence - Consistent monitoring, standardized logging, uniform resource management

Best Practices

  1. Version Management - Semantic versioning for base charts, clear changelog, backward compatibility considerations
  2. Documentation - Comprehensive value documentation, usage examples, migration guides
  3. Testing - Automated chart testing, environment validation, upgrade path testing
  4. Security - Regular security audits, automated vulnerability scanning, RBAC best practices

Conclusion

Implementing Base Helm Charts has significantly improved our Kubernetes deployment process. Development teams can now deploy services with minimal configuration while maintaining the flexibility to customize when needed. The DevOps team can effectively manage best practices and roll out improvements across all services. This approach has reduced deployment complexity, improved security, and enhanced overall operational efficiency.

The key to success has been finding the right balance between standardization and flexibility, ensuring that teams can move quickly while maintaining consistent, secure, and maintainable deployments.