- Authors
- Name
- Youngju Kim
- @fjvbn20031
- 1. Release Storage Structure
- 2. Install Flow
- 3. Upgrade Flow
- 4. Rollback Flow
- 5. Hook System
- 6. Uninstall Flow
- 7. Atomic Install and Wait
- 8. Release Information Queries
- 9. Summary
1. Release Storage Structure
1.1 Release Data in Secrets
Helm manages all release revisions as Kubernetes Secrets.
kubectl get secrets -l owner=helm,name=my-release -n default
# sh.helm.release.v1.my-release.v1 helm.sh/release.v1 1 30m
# sh.helm.release.v1.my-release.v2 helm.sh/release.v1 1 15m
1.2 Release History
helm history my-release
helm upgrade my-release ./my-chart --history-max 5
2. Install Flow
1. Load chart and resolve dependencies
2. Merge values (defaults + user values)
3. Render templates (execute Go templates)
4. Validate YAML
5. Install CRDs (crds/ directory)
6. Execute pre-install hooks
7. Create resources via Kubernetes API
8. Store release Secret (status: deployed)
9. Execute post-install hooks
10. Output NOTES.txt
helm install my-release ./my-chart -n production --create-namespace
helm install my-release ./my-chart -f production-values.yaml --set image.tag=v2.0.0
helm install my-release ./my-chart --dry-run=server
helm install my-release ./my-chart --atomic --timeout 5m
helm install my-release ./my-chart --wait --timeout 10m
3. Upgrade Flow
3.1 Three-way Strategic Merge Patch
Helm 3's key improvement compares three states:
Previous Release Manifest (Old Chart)
- compare -
Current Live State (Live State)
- compare -
New Release Manifest (New Chart)
Benefits:
- Recognizes changes made directly via kubectl
- Prevents unnecessary resource recreation
- Safely merges manual changes
helm upgrade my-release ./my-chart -f new-values.yaml
helm upgrade --install my-release ./my-chart
helm upgrade my-release ./my-chart --reuse-values --set image.tag=v2.1.0
helm upgrade my-release ./my-chart --reset-values -f new-values.yaml
helm diff upgrade my-release ./my-chart -f new-values.yaml
4. Rollback Flow
1. Load target revision release data
2. Use that revision's manifest as "new manifest"
3. Calculate changes via three-way merge
4. Execute pre-rollback hooks
5. Apply resources
6. Store release with new revision number
7. Execute post-rollback hooks
helm rollback my-release # Previous revision
helm rollback my-release 2 # Specific revision
helm history my-release
helm get manifest my-release --revision 2
Important: Rollback creates a new revision based on the previous revision's chart and values, rather than simply restoring old manifests.
5. Hook System
5.1 Hook Types
| Hook | Execution Timing |
|---|---|
| pre-install | After template rendering, before resource creation |
| post-install | After all resources loaded into cluster |
| pre-delete | On delete request, before resource deletion |
| post-delete | After all resources deleted |
| pre-upgrade | On upgrade, before resource update |
| post-upgrade | After resource update |
| pre-rollback | On rollback, before resource rollback |
| post-rollback | After resource rollback |
| test | On helm test execution |
5.2 Hook Definition Example
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "my-chart.fullname" . }}-db-migrate
annotations:
"helm.sh/hook": pre-upgrade,pre-install
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation
spec:
template:
spec:
restartPolicy: Never
containers:
- name: migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["./migrate", "--up"]
5.3 Hook Delete Policies
| Policy | Description |
|---|---|
| before-hook-creation | Delete previous hook resource before new hook execution |
| hook-succeeded | Delete on hook success |
| hook-failed | Delete on hook failure |
6. Uninstall Flow
helm uninstall my-release
helm uninstall my-release --keep-history
helm uninstall my-release --dry-run
Note: CRDs are not deleted on uninstall and require manual removal.
7. Atomic Install and Wait
7.1 --wait Flag
Waits until: Deployments Ready, Services have IPs, Jobs Complete, PVCs Bound.
7.2 --atomic Flag
Includes --wait plus auto-uninstall on install failure, auto-rollback on upgrade failure.
helm install my-release ./my-chart --atomic --timeout 5m
8. Release Information Queries
helm list --all-namespaces
helm status my-release
helm get values my-release --all
helm get manifest my-release
helm get notes my-release
helm get all my-release
9. Summary
Key aspects of the Helm release lifecycle:
- Secret-based revision management: All release history managed as Kubernetes Secrets
- Three-way Merge: Safe upgrades by comparing previous manifest, live state, and new manifest
- Hook system: Custom logic injection at each lifecycle stage
- Atomic deployment: Automatic rollback on failure for reliability
- History-based rollback: Creates new revisions based on previous revision's chart/values