Cloud Native Rejekts NA (Los Angeles + Hybrid) 2021

Don’t Read the Manual: Automating Helm Provisioning with Terraform
10-09, 14:50–15:20 (US/Pacific), Main stage

Helm is designed to take the guesswork (and a lot of the YAML) out of deploying a Kubernetes application. If you’ve ever needed to rapidly deploy a durable application, you’ve probably taken a long look at a Helm chart. And if you’re already using Helm, you’ve probably considered about how Infrastructure as Code (IaC) can simplify your workflow.

But how does Helm’s configuration interact with IaC state? What configuration is really authoritative—and with what scope? If you update an application that you Terraformed from a Helm chart, is your persistent data safe? And what about existing Helm-deployed applications—is it safe to import them into Terraform?

Clearly, Helm is incredibly powerful, but it’s also an abstraction, and no one has written the manual on how to integrate it with IaC. This talk will explain how Helm and Terraform work together under the hood, as well as exploring patterns to help Terraform practitioners safely engage with Helm charts and adopt Helm resources.


IaC has transformed the Kubernetes landscape, and Helm promises to further streamline application deployment. Even so, Helm’s role in the IaC ecosystem remains relatively obscure and sparsely documented; its potential remains out of reach for those who could benefit most from it.

There is a surprising lack of best practices for managing Helm deployments with IaC, and so teams that simply require durable, rapidly-deployed applications may be discouraged from exploring a Helm/IaC solution. This talk will seek to provide some foundational knowledge to remedy this.

In this talk, I will explain the models used by Terraform and Helm, and demystify their interaction. I will also examine some strategies for managing Helm with Terraform, and some patterns for engaging with Helm charts. I hope that this discussion will encourage IaC practitioners to embrace Helm (and vice versa), and that it will shed some light on the technology that makes Helm and IaC such a powerful combination.

Scott Reu is a Site Reliability Engineer at Cisco Meraki. He has a background in historical linguistics and network engineering, and he's on an eternal quest to automate infrastructure. In his spare time, he keeps his nose either in a science fiction book or in some recreational Computational Linguistics research. His thoughts, technological and otherwise, can be found on his blog and on popular microblogging website twitter dot com.