Internal Chart Repository and Library Charts
Built and maintained a Helm chart repository serving 1,000+ microservices, including library charts for common patterns like web services, workers, and scheduled jobs with integrated observability.
GitOps Deployment Pipeline with ArgoCD
Implemented Helm-based GitOps deployment pipeline handling Black Friday traffic scaling, with automated chart testing, semantic versioning, and multi-environment promotion workflows.
Multi-Tenant Creative Cloud Deployments
Designed Helm chart structures for multi-tenant SaaS deployments across Adobe Creative Cloud services, with strict resource isolation, secrets management, and automated security scanning.
Backstage Integration for Developer Self-Service
Integrated Helm chart deployment capabilities into Backstage developer portal, enabling self-service deployments with standardized configurations and automated compliance checks.
What Helm Engineers Actually Build
Before writing your job description, understand what Helm work looks like at different companies. The complexity varies dramatically based on your Kubernetes maturity.
Streaming & Media
Spotify uses Helm as a core component of their Backstage developer portal:
- Standardized Helm chart templates for all microservices
- Custom Helm plugins integrated with Backstage catalog
- Automated chart versioning and dependency management
- Library charts providing shared configurations
Netflix employs Helm for their developer tools infrastructure:
- Complex charts for internal development environments
- Multi-environment value overrides (dev/staging/prod)
- Integration with their custom deployment orchestration
- Chart testing pipelines with Helm unittest
E-Commerce & Retail
Shopify relies heavily on Helm for deployment standardization:
- 100+ custom Helm charts for merchant-facing services
- Helm hooks for database migrations during deployments
- ArgoCD + Helm for GitOps-style continuous delivery
- Chart repositories with automated security scanning
Airbnb has built an extensive Helm ecosystem:
- Internal chart repository serving 1,000+ microservices
- Library charts for common patterns (web services, workers, cron jobs)
- Helm-based developer self-service platform
- Integration with their custom service mesh configuration
Enterprise & SaaS
Adobe uses Helm across their creative cloud infrastructure:
- Multi-tenant Helm deployments with strict isolation
- Complex subchart dependencies for enterprise applications
- Helm Secrets integration for secure credential management
- Automated chart promotion across environment stages
Salesforce leverages Helm for their Kubernetes platform:
- Standard chart structures enforced by policy
- Custom Helm operators for application lifecycle management
- Advanced templating for multi-region deployments
- Comprehensive chart documentation and onboarding
Understanding Helm: Charts, Templating, and Releases
Helm organizes Kubernetes resources into packages called "charts." Here's what your candidates should understand:
Chart Structure
A Helm chart is a directory containing:
- Chart.yaml: Metadata about the chart (name, version, dependencies)
- values.yaml: Default configuration values
- templates/: Kubernetes manifest templates using Go templating
- charts/: Subcharts (dependencies)
Strong Helm candidates understand how these pieces interact. They can explain why you'd use subcharts vs. library charts, when to split values files, and how to structure templates for maintainability.
Templating Power and Complexity
Helm uses Go's template language with additional functions from Sprig. This ranges from simple to complex:
Simple: Injecting values into manifests
- Variable substitution:
{{ .Values.replicas }} - Conditionals:
{{ if .Values.ingress.enabled }} - Loops:
{{ range .Values.extraEnvVars }}
Advanced: Chart library patterns
- Named templates and partials
- Template inheritance with
includeandtpl - Generating complex structures programmatically
- Cross-chart value sharing
Expert: Production-grade patterns
- Library charts for organizational standards
- Schema validation with values.schema.json
- Post-render hooks for Kustomize integration
- Helm SDK for custom tooling
Release Management
Helm tracks deployments as "releases" with built-in versioning:
- helm install: Create a new release
- helm upgrade: Update an existing release with new chart/values
- helm rollback: Revert to a previous release version
- helm history: View release history with revision tracking
Senior candidates understand release lifecycle, atomic upgrades, rollback strategies, and how Helm stores release state (Kubernetes Secrets by default).
Helm vs Kustomize: A Critical Hiring Distinction
This is increasingly asked in interviews. Understanding the tradeoffs reveals Kubernetes maturity:
When Teams Choose Helm
- Complex applications: Multi-component apps with many configuration options
- Third-party software: Installing databases, monitoring stacks, ingress controllers
- Distribution: Sharing charts publicly or across teams
- Templating needs: Dynamic configuration based on environment/context
- Companies using this: Spotify, Airbnb, Shopify
When Teams Choose Kustomize
- Simpler applications: Straightforward services without heavy configuration
- GitOps native: Works seamlessly with ArgoCD and Flux
- No templating: Plain YAML with overlays and patches
- Kubernetes native: Built into kubectl (no additional tooling)
- Companies using this: Intuit, Lyft, many Google-adjacent companies
The Modern Reality: Using Both
Many organizations use both tools together:
- Helm for complex charts (databases, third-party software)
- Kustomize for environment-specific overlays
- Helm post-renderers piping output to Kustomize
- ArgoCD supporting both natively
Interview insight: Ask candidates about this tradeoff. Those who dogmatically prefer one tool haven't worked in diverse environments. Pragmatic engineers choose the right tool for each use case.
GitOps and Helm: Modern Deployment Practices
GitOps has become the standard for Kubernetes deployments. Helm integrates into GitOps workflows in several ways:
ArgoCD + Helm
The most common pattern at companies like Shopify and Adobe:
- ArgoCD natively understands Helm charts
- Charts deployed from Git repositories or Helm registries
- Value overrides stored in Git alongside application definitions
- Automatic sync on chart or values changes
Flux + Helm
Common at companies adopting the Flux ecosystem:
- HelmRelease custom resources define deployments
- HelmRepository resources point to chart sources
- Values and chart versions managed declaratively
- Automatic image updates with Flux's image automation
Chart Repositories and OCI
Modern Helm supports OCI registries for chart storage:
- Harbor, GitHub Container Registry, AWS ECR for charts
- Versioned artifacts with signature verification
- Integration with existing container registries
- ChartMuseum for self-hosted repositories
Interview signal: Ask how candidates manage chart versions in GitOps. Those who describe pulling latest versions for production don't understand release management. Look for pinned versions, automated updates, and promotion workflows.
Recruiter's Cheat Sheet: Spotting Great Candidates
Conversation Starters That Reveal Skill Level
Instead of asking "Do you know Helm?", try these:
| Question | Junior Answer | Senior Answer |
|---|---|---|
| "How do you structure a Helm chart?" | "I use the default template from helm create" | "Library charts for shared logic, named templates for reusable components, values schemas for validation" |
| "How do you manage secrets in Helm?" | "Just put them in values.yaml" | "helm-secrets with SOPS, external secrets operator, or sealed secrets depending on GitOps requirements" |
| "What's your chart testing strategy?" | "I run helm install and check if it works" | "helm template for rendering, helm lint for validation, helm unittest for template assertions, staging environment validation" |
Resume Signals That Matter
✅ Look for:
- Chart authorship experience ("Built 20+ internal Helm charts")
- Specific tooling (ArgoCD, Flux, ChartMuseum, Harbor)
- Scale metrics ("Chart repository serving 50+ teams")
- Library chart experience ("Created library charts for service mesh configuration")
- GitOps integration ("Implemented Helm-based GitOps pipeline")
🚫 Be skeptical of:
- Only helm install/upgrade experience (consumer, not creator)
- No mention of values management or secrets
- "Helm expert" without specific chart authorship
- Listing Helm without corresponding Kubernetes depth
- Generic descriptions ("Used Helm for deployments")
GitHub/Portfolio Signals
Strong candidates might have:
- Public Helm charts with meaningful complexity
- Contributions to official charts or bitnami charts
- Helm plugins or tooling extensions
- Chart testing examples with unittest or ct
Common Hiring Mistakes
1. Requiring Helm Without Kubernetes Depth
Helm is a layer on top of Kubernetes. Someone who deeply understands Kubernetes can learn Helm in days. Someone who knows Helm syntax but not Kubernetes fundamentals will write broken charts.
Better approach: Require Kubernetes expertise and list Helm as preferred. The underlying platform knowledge matters more.
2. Conflating Chart Consumer vs. Chart Author
Using helm install prometheus is trivial. Building production-quality charts with proper templating, hooks, testing, and documentation requires significant experience.
Shopify's approach: They distinguish "uses Helm" (most engineers) from "builds Helm infrastructure" (platform team).
3. Ignoring the GitOps Context
Helm doesn't exist in isolation—it's part of a deployment ecosystem. A candidate who knows Helm but has never worked with GitOps, CI/CD pipelines, or chart repositories is missing critical context.
Better approach: Ask about their full deployment workflow, not just Helm syntax.
4. Over-Indexing on Helm for Platform Roles
For platform engineering roles, Helm is one tool among many. Deep Kubernetes expertise, Terraform/Pulumi for infrastructure, and programming skills (Go, Python) often matter more than advanced Helm templating.
Better approach: Test for systems thinking and automation skills, not just Helm syntax.
5. Not Specifying Your Helm Ecosystem
Companies use Helm differently. Are you using ArgoCD or Flux? Helm 3 or (rarely) Helm 2? OCI registries or ChartMuseum? Internal charts or mostly third-party? Being specific helps candidates self-select.
Better approach: Document your actual Helm ecosystem in the job description.
Advanced Topics: What Separates Senior Helm Engineers
Helm Hooks and Lifecycle Management
Hooks allow running jobs at specific points in a release lifecycle:
- pre-install/post-install: Database migrations, secrets provisioning
- pre-upgrade/post-upgrade: Blue-green cutover, cache warming
- pre-delete/post-delete: Backup creation, resource cleanup
- test hooks: Release verification tests
Senior engineers understand hook ordering, failure handling, and when hooks are overkill vs. necessary.
Library Charts and Organizational Standards
Large organizations create library charts to enforce standards:
- Common labels and annotations
- Security context configurations
- Resource limit defaults
- Monitoring integrations
This is advanced work requiring deep understanding of Helm templating and organizational deployment patterns.
Chart Testing and CI/CD
Production-grade chart development includes:
- helm lint: Syntax and best practice validation
- helm template: Render templates without installing
- helm unittest: Assert template output
- chart-testing (ct): Test chart changes in CI
- kind/k3d: Local cluster testing before merge
Schema Validation
Modern Helm charts use values.schema.json to validate input:
- Type checking for values
- Required fields enforcement
- Enum constraints for valid options
- Documentation generation from schema
Helm in the Modern Kubernetes Ecosystem
OCI Registries Are the Future
Helm 3.8+ supports OCI registries natively:
- Store charts alongside container images
- Use existing registry authentication
- Benefit from registry features (scanning, signing)
- Simplify chart distribution infrastructure
Helm + Kustomize Post-Renderers
The best of both worlds:
- Helm for complex templating and packaging
- Kustomize for environment-specific patches
- ArgoCD/Flux support both natively
- Reduces chart complexity by moving overlays to Kustomize
Helmfile for Multi-Chart Orchestration
Organizations with many charts often use Helmfile:
- Declare multiple releases in a single file
- Environment-specific configurations
- Dependency ordering between releases
- Secrets management integration
This is common at companies like Airbnb managing hundreds of services.