helm-chart-builder


Helm Chart Builder

Production-grade Helm charts. Sensible defaults. Secure by design. No cargo-culting.
Opinionated Helm workflow that turns ad-hoc Kubernetes manifests into maintainable, testable, reusable charts. Covers chart structure, values design, template patterns, dependency management, and security hardening.
Not a Helm tutorial — a set of concrete decisions about how to build charts that operators trust and developers don't fight.

Slash Commands

| Command | What it does |
|---|---|
| /helm:create | Scaffold a production-ready Helm chart with best-practice structure |
| /helm:review | Analyze an existing chart for issues — missing labels, hardcoded values, template anti-patterns |
| /helm:security | Audit chart for security issues — RBAC, network policies, pod security, secrets handling |

When This Skill Activates

Recognize these patterns from the user:
  • "Create a Helm chart for this service"
  • "Review my Helm chart"
  • "Is this chart secure?"
  • "Design a values.yaml"
  • "Add a subchart dependency"
  • "Set up helm tests"
  • "Helm best practices for [workload type]"
  • Any request involving: Helm chart, values.yaml, Chart.yaml, templates, helpers, _helpers.tpl, subcharts, helm lint, helm test
If the user has a Helm chart or wants to package Kubernetes resources → this skill applies.

Workflow

/helm:create — Chart Scaffolding

  1. Identify workload type
    • Web service (Deployment + Service + Ingress)
    • Worker (Deployment, no Service)
    • CronJob (CronJob + ServiceAccount)
    • Stateful service (StatefulSet + PVC + Headless Service)
    • Library chart (no templates, only helpers)
  2. Scaffold chart structure
    mychart/
    ├── Chart.yaml              # Chart metadata and dependencies
    ├── values.yaml             # Default configuration
    ├── values.schema.json      # Optional: JSON Schema for values validation
    ├── .helmignore             # Files to exclude from packaging
    ├── templates/
    │   ├── _helpers.tpl        # Named templates and helper functions
    │   ├── deployment.yaml     # Workload resource
    │   ├── service.yaml        # Service exposure
    │   ├── ingress.yaml        # Ingress (if applicable)
    │   ├── serviceaccount.yaml # ServiceAccount
    │   ├── hpa.yaml            # HorizontalPodAutoscaler
    │   ├── pdb.yaml            # PodDisruptionBudget
    │   ├── networkpolicy.yaml  # NetworkPolicy
    │   ├── configmap.yaml      # ConfigMap (if needed)
    │   ├── secret.yaml         # Secret (if needed)
    │   ├── NOTES.txt           # Post-install usage instructions
    │   └── tests/
    │       └── test-connection.yaml
    └── charts/                 # Subcharts (dependencies)
  3. Apply Chart.yaml best practices
    METADATA
    ├── apiVersion: v2 (Helm 3 only — never v1)
    ├── name: matches directory name exactly
    ├── version: semver (chart version, not app version)
    ├── appVersion: application version string
    ├── description: one-line summary of what the chart deploys
    └── type: application (or library for shared helpers)
    
    DEPENDENCIES
    ├── Pin dependency versions with ~X.Y.Z (patch-level float)
    ├── Use condition field to make subcharts optional
    ├── Use alias for multiple instances of same subchart
    └── Run helm dependency update after changes
  4. Generate values.yaml with documentation
    • Every value has an inline comment explaining purpose and type
    • Sensible defaults that work for development
    • Override-friendly structure (flat where possible, nested only when logical)
    • No hardcoded cluster-specific values (image registry, domain, storage class)
  5. Validate
    bash
    python3 scripts/chart_analyzer.py mychart/
    helm lint mychart/
    helm template mychart/ --debug

/helm:review — Chart Analysis

  1. Check chart structure
    | Check | Severity | Fix |
    |---|---|---|
    | Missing _helpers.tpl | High | Create helpers for common labels and selectors |
    | No NOTES.txt | Medium | Add post-install instructions |
    | No .helmignore | Low | Create one to exclude .git, CI files, tests |
    | Missing Chart.yaml fields | Medium | Add description, appVersion, maintainers |
    | Hardcoded values in templates | High | Extract to values.yaml with defaults |
  2. Check template quality
    | Check | Severity | Fix |
    |---|---|---|
    | Missing standard labels | High | Use app.kubernetes.io/* labels via _helpers.tpl |
    | No resource requests/limits | Critical | Add resources section with defaults in values.yaml |
    | Hardcoded image tag | High | Use {{ .Values.image.repository }}:{{ .Values.image.tag }} |
    | No imagePullPolicy | Medium | Default to IfNotPresent, overridable |
    | Missing liveness/readiness probes | High | Add probes with configurable paths and ports |
    | No pod anti-affinity | Medium | Add preferred anti-affinity for HA |
    | Duplicate template code | Medium | Extract into named templates in _helpers.tpl |
  3. Check values.yaml quality
    bash
    python3 scripts/values_validator.py mychart/values.yaml
  4. Generate review report
    HELM CHART REVIEW — [chart name]
    Date: [timestamp]
    
    CRITICAL: [count]
    HIGH:     [count]
    MEDIUM:   [count]
    LOW:      [count]
    
    [Detailed findings with fix recommendations]

/helm:security — Security Audit

  1. Pod security audit
    | Check | Severity | Fix |
    |---|---|---|
    | No securityContext | Critical | Add runAsNonRoot, readOnlyRootFilesystem |
    | Running as root | Critical | Set runAsNonRoot: true, runAsUser: 1000 |
    | Writable root filesystem | High | Set readOnlyRootFilesystem: true + emptyDir for tmp |
    | All capabilities retained | High | Drop ALL, add only specific needed caps |
    | Privileged container | Critical | Set privileged: false, use specific capabilities |
    | No seccomp profile | Medium | Set seccompProfile.type: RuntimeDefault |
    | allowPrivilegeEscalation true | High | Set allowPrivilegeEscalation: false |
  2. RBAC audit
    | Check | Severity | Fix |
    |---|---|---|
    | No ServiceAccount | Medium | Create dedicated SA, don't use default |
    | automountServiceAccountToken true | Medium | Set to false unless pod needs K8s API access |
    | ClusterRole instead of Role | Medium | Use namespace-scoped Role unless cluster-wide needed |
    | Wildcard permissions | Critical | Use specific resource names and verbs |
    | No RBAC at all | Low | Acceptable if pod doesn't need K8s API access |
  3. Network and secrets audit
    | Check | Severity | Fix |
    |---|---|---|
    | No NetworkPolicy | Medium | Add default-deny ingress + explicit allow rules |
    | Secrets in values.yaml | Critical | Use external secrets operator or sealed-secrets |
    | No PodDisruptionBudget | Medium | Add PDB with minAvailable for HA workloads |
    | hostNetwork: true | High | Remove unless absolutely required (e.g., CNI plugin) |
    | hostPID or hostIPC | Critical | Never use in application charts |
  4. Generate security report
    SECURITY AUDIT — [chart name]
    Date: [timestamp]
    
    CRITICAL: [count]
    HIGH:     [count]
    MEDIUM:   [count]
    LOW:      [count]
    
    [Detailed findings with remediation steps]
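
The pod security checks from the audit tables above, written out as an added example (not the skill's own chart_analyzer.py). It assumes each rendered manifest has already been parsed into a dict; the function names and the two sample manifests are constructed for illustration.

```python
# Added example: pod-security checks from the audit table, applied to manifests
# already parsed into dicts (e.g. yaml.safe_load_all over `helm template` output).
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
HOST_FLAGS = {"hostPID": "CRITICAL", "hostIPC": "CRITICAL", "hostNetwork": "HIGH"}


def pod_spec_of(manifest):
    """Return the pod spec inside a workload manifest, or None for other kinds."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # one extra level: spec.jobTemplate.spec.template.spec
        kind, spec = "Job", (spec.get("jobTemplate") or {}).get("spec") or {}
    if kind in {"Deployment", "StatefulSet", "DaemonSet", "Job"}:
        return (spec.get("template") or {}).get("spec")
    return None


def audit_pod_security(manifest):
    """Return (severity, where, finding) tuples, most severe first."""
    pod = pod_spec_of(manifest)
    if pod is None:
        return []
    pod_sc = pod.get("securityContext") or {}
    out = [(sev, "pod", f"{flag}: true") for flag, sev in HOST_FLAGS.items() if pod.get(flag)]
    # Unset means the token is mounted; a ServiceAccount-level opt-out is not visible here.
    if pod.get("automountServiceAccountToken") is not False:
        out.append(("MEDIUM", "pod", "automountServiceAccountToken not false"))
    for c in (pod.get("containers") or []) + (pod.get("initContainers") or []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        if not sc and not pod_sc:
            out.append(("CRITICAL", name, "no securityContext"))
            continue
        # For fields valid at both levels, the container value overrides the pod value.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0:
            out.append(("CRITICAL", name, "runAsUser: 0"))
        elif sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            out.append(("CRITICAL", name, "runAsNonRoot not true"))
        if sc.get("privileged"):
            out.append(("CRITICAL", name, "privileged: true"))
        if sc.get("allowPrivilegeEscalation") is not False:
            out.append(("HIGH", name, "allowPrivilegeEscalation not false"))
        if sc.get("readOnlyRootFilesystem") is not True:
            out.append(("HIGH", name, "readOnlyRootFilesystem not true"))
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            out.append(("HIGH", name, "capabilities.drop lacks ALL"))
        if not (sc.get("seccompProfile") or pod_sc.get("seccompProfile")):
            out.append(("MEDIUM", name, "no seccompProfile"))
    return sorted(out, key=lambda f: SEVERITY_ORDER[f[0]])


# Constructed samples: Pattern 3 rendered with made-up values, and a weak spec.
HARDENED = {"kind": "Deployment", "spec": {"template": {"spec": {
    "automountServiceAccountToken": False,
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "mychart", "securityContext": {
        "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
        "capabilities": {"drop": ["ALL"]}}}]}}}}
WEAK = {"kind": "Deployment", "spec": {"template": {"spec": {
    "hostNetwork": True,
    "containers": [{"name": "app"}, {"name": "sidecar", "securityContext": {
        "privileged": True, "runAsUser": 0}}]}}}}

if __name__ == "__main__":
    for sev, where, finding in audit_pod_security(WEAK):
        print(f"{sev:8} {where:8} {finding}")
```

Auditing the rendered output rather than the template source means values overrides and conditionals are already resolved, so the findings describe what would actually be applied to the cluster.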

Tooling

scripts/chart_analyzer.py

CLI utility for static analysis of Helm chart directories.
Features:
  • Chart structure validation (required files, directory layout)
  • Template anti-pattern detection (hardcoded values, missing labels, no resource limits)
  • Chart.yaml metadata checks
  • Standard labels verification (app.kubernetes.io/*)
  • Security baseline checks
  • JSON and text output
Usage:
bash
# Analyze a chart directory
python3 scripts/chart_analyzer.py mychart/

# JSON output
python3 scripts/chart_analyzer.py mychart/ --output json

# Security-focused analysis
python3 scripts/chart_analyzer.py mychart/ --security

scripts/values_validator.py

CLI utility for validating values.yaml against best practices.
Features:
  • Documentation coverage (inline comments)
  • Type consistency checks
  • Hardcoded secrets detection
  • Default value quality analysis
  • Structure depth analysis
  • Naming convention validation
  • JSON and text output
Usage:
bash
# Validate values.yaml
python3 scripts/values_validator.py values.yaml

# JSON output
python3 scripts/values_validator.py values.yaml --output json

# Strict mode (fail on warnings)
python3 scripts/values_validator.py values.yaml --strict

---

Template Patterns

Pattern 1: Standard Labels (_helpers.tpl)

yaml
{{/*
Common labels for all resources.
*/}}
{{- define "mychart.labels" -}}
helm.sh/chart: {{ include "mychart.chart" . }}
app.kubernetes.io/name: {{ include "mychart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels (subset of common labels — must be immutable).
*/}}
{{- define "mychart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "mychart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

Pattern 2: Conditional Resources

yaml
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "mychart.fullname" . }}
  labels:
    {{- include "mychart.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            pathType: {{ .pathType }}
            backend:
              service:
                name: {{ include "mychart.fullname" $ }}
                port:
                  number: {{ $.Values.service.port }}
          {{- end }}
    {{- end }}
{{- end }}

Pattern 3: Security-Hardened Pod Spec

yaml
spec:
  serviceAccountName: {{ include "mychart.serviceAccountName" . }}
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: {{ .Chart.Name }}
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop:
            - ALL
      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
      imagePullPolicy: {{ .Values.image.pullPolicy }}
      resources:
        {{- toYaml .Values.resources | nindent 8 }}
      volumeMounts:
        - name: tmp
          mountPath: /tmp
  volumes:
    - name: tmp
      emptyDir: {}

Values Design Principles

STRUCTURE
├── Flat over nested (image.tag > container.spec.image.tag)
├── Group by resource (service.*, ingress.*, resources.*)
├── Use enabled: true/false for optional resources
├── Document every key with inline YAML comments
└── Provide sensible development defaults

NAMING
├── camelCase for keys (replicaCount, not replica_count)
├── Boolean keys: use adjectives (enabled, required) not verbs
├── Nested keys: max 3 levels deep
└── Match upstream conventions (image.repository, image.tag, image.pullPolicy)

ANTI-PATTERNS
├── Hardcoded cluster URLs or domains
├── Secrets as default values
├── Empty strings where null is correct
├── Deeply nested structures (>3 levels)
├── Undocumented values
└── values.yaml that doesn't work without overrides
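
Three of the rules above (camelCase keys, at most 3 levels of nesting, no secrets as default values) turned into checks, as an added example that is not the skill's values_validator.py. It assumes values.yaml has already been parsed into a dict; the rule names, the key patterns and the sample values are constructed, and the secret detection is a key-name heuristic.

```python
import re

# Added example: rule names and patterns below are assumptions, not the skill's own.
CAMEL_CASE = re.compile(r"^[a-z][a-zA-Z0-9]*$")
SECRET_KEY = re.compile(r"password|passwd|secret|token|api_?key|private_?key", re.I)
# Keys that name or point at a Secret object rather than holding secret material.
REFERENCE_KEY = re.compile(r"^existing|(Name|Ref)$")
MAX_DEPTH = 3


def walk(node, path=()):
    """Yield (path, value) for every key in a nested mapping, parents first."""
    for key, value in node.items():
        here = path + (str(key),)
        yield here, value
        if isinstance(value, dict):
            yield from walk(value, here)


def validate_values(values, foreign_naming=()):
    """Return sorted (rule, dotted.path) findings.

    `foreign_naming` lists top-level keys (typically subchart names) whose keys
    follow the upstream chart's naming and are exempt from the naming rule only.
    """
    findings = set()
    for path, value in walk(values):
        dotted, key = ".".join(path), path[-1]
        if path[0] not in foreign_naming and not CAMEL_CASE.match(key):
            findings.add(("naming", dotted))
        # Report depth once, at the leaf, rather than at every level on the way down.
        if len(path) > MAX_DEPTH and not isinstance(value, dict):
            findings.add(("depth", dotted))
        if (SECRET_KEY.search(key) and not REFERENCE_KEY.search(key)
                and isinstance(value, str) and value.strip()):
            findings.add(("secret-default", dotted))
    return sorted(findings)


# Constructed sample: parsed form of a values.yaml with deliberate problems.
SAMPLE_VALUES = {
    "replicaCount": 1,
    "image": {"repository": "example.invalid/app", "tag": "", "pullPolicy": "IfNotPresent"},
    "replica_count": 2,
    "container": {"spec": {"image": {"tag": "1.0.0"}}},
    "database": {"password": "changeme", "existingSecret": "", "secretName": "db-creds"},
    "auth": {"apiToken": None},
    "postgresql": {"enabled": True, "auth": {"postgres_password": "x"}},
}

if __name__ == "__main__":
    for rule, where in validate_values(SAMPLE_VALUES, foreign_naming=("postgresql",)):
        print(f"{rule:15} {where}")
```

Subchart values stay subject to the secret check even when exempt from naming, since a default password set under a subchart key ships in the packaged chart just the same.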

Dependency Management

SUBCHARTS
├── Use Chart.yaml dependencies (not requirements.yaml — Helm 3)
├── Pin versions: version: ~15.x.x (patch float)
├── Use condition: to make optional: condition: postgresql.enabled
├── Use alias: for multiple instances of same chart
├── Override subchart values under subchart name key in values.yaml
└── Run helm dependency update before packaging

LIBRARY CHARTS
├── type: library in Chart.yaml — no templates directory
├── Export named templates only — no rendered resources
├── Use for shared labels, annotations, security contexts
└── Version independently from application charts

Proactive Triggers

Flag these without being asked:
  • No _helpers.tpl → Create one. Every chart needs standard labels and fullname helpers.
  • Hardcoded image tag in template → Extract to values.yaml. Tags must be overridable.
  • No resource requests/limits → Add them. Pods without limits can starve the node.
  • Running as root → Add securityContext. No exceptions for production charts.
  • No NOTES.txt → Create one. Users need post-install instructions.
  • Secrets in values.yaml defaults → Remove them. Use placeholders with comments explaining how to provide secrets.
  • No liveness/readiness probes → Add them. Kubernetes needs to know if the pod is healthy.
  • Missing app.kubernetes.io labels → Add via _helpers.tpl. Required for proper resource tracking.

Installation

One-liner (any tool)

bash
git clone https://github.com/alirezarezvani/claude-skills.git
cp -r claude-skills/engineering/helm-chart-builder ~/.claude/skills/

Multi-tool install

bash
./scripts/convert.sh --skill helm-chart-builder --tool codex|gemini|cursor|windsurf|openclaw

OpenClaw

bash
clawhub install cs-helm-chart-builder


Related Skills

  • senior-devops — Broader DevOps scope (CI/CD, IaC, monitoring). Complementary — use helm-chart-builder for chart-specific work, senior-devops for pipeline and infrastructure.
  • docker-development — Container building. Complementary — docker-development builds the images, helm-chart-builder deploys them to Kubernetes.
  • ci-cd-pipeline-builder — Pipeline construction. Complementary — helm-chart-builder defines the deployment artifact, ci-cd-pipeline-builder automates its delivery.
  • senior-security — Application security. Complementary — helm-chart-builder covers Kubernetes-level security (RBAC, pod security), senior-security covers application-level threats.