A single, opinionated Helm chart for deploying any Kubernetes application workload. Instead of maintaining separate charts per application, define your entire deployment through values.
helm install my-app ./chartpack -f values.yamlcontainers:
app:
image:
repository: nginx
tag: "1.27"
ports:
http:
port: 80
networking:
services:
http:
ports:
http:
port: 80This produces a Deployment with 1 replica, a ClusterIP Service, and a ServiceAccount.
Any workload type -- Deployment, StatefulSet, DaemonSet, CronJob, Job, or Argo Rollout -- all from a single chart with workloadType.
Full networking stack -- Services, Ingresses, Gateway API routes, Istio VirtualServices, Envoy Gateway policies, NetworkPolicies, and cert-manager Certificates. OAuth2 proxy autowiring for ingresses and routes.
Observability built in -- Prometheus/VictoriaMetrics monitors, alerting rules (PrometheusRule/VMRule), and Grafana dashboards.
Event-driven autoscaling -- HPA v2, VPA, and KEDA (ScaledObject + ScaledJob) with any trigger.
Secrets management -- ConfigMaps, Secrets, External Secrets, and auto-generated passwords via ESO (ArgoCD-safe). Stakater Reloader annotations auto-generated per resource.
Lifecycle hooks -- Pre-install/pre-upgrade Jobs for DB migrations, schema setup, etc. Auto-generates both Helm and Argo CD hook annotations. Hooks share the main workload's pod settings (SA, volumes, secrets).
Argo CD native -- Auto sync waves for ordered deployment, sync options, and dual hook annotations. Works with Argo CD, Flux, and Helm CLI without configuration changes.
Schema validation -- Catches misconfigurations at install time: missing mounts, port mismatches, conflicting settings.
| Guide | Description |
|---|---|
| Workloads | Deployment, StatefulSet, DaemonSet, CronJob, Job, Argo Rollout |
| Containers | Container spec, env, mounts, health checks, init/sidecar containers |
| Configuration | ConfigMaps, Secrets, External Secrets, auto-generated secrets |
| Persistence | PVCs, StatefulSet volume claim templates, static PV binding |
| RBAC | ServiceAccount, Roles, ClusterRoles, Bindings |
| Scheduling | Node affinity, tolerations, topology spread, priority classes |
| Guide | Description |
|---|---|
| Services & Ingresses | ClusterIP, NodePort, LoadBalancer, headless services, Ingress |
| Gateway API | HTTPRoute, GRPCRoute, TLSRoute, TCPRoute, UDPRoute, Envoy policies |
| Istio | VirtualService, DestinationRule, PeerAuthentication, AuthorizationPolicy |
| Certificates | cert-manager TLS certificates with auto-named secrets |
| Network Policies | Ingress/egress rules, deny-all, namespace/pod/IP selectors |
| OAuth2 Proxy | Sidecar and deployment mode, ingress/route autowiring |
| Guide | Description |
|---|---|
| Autoscaling | HPA v2, VPA, KEDA (ScaledObject, ScaledJob), Pod Disruption Budgets |
| Guide | Description |
|---|---|
| Monitoring | ServiceMonitor, PodMonitor, VMServiceScrape, VMPodScrape |
| Alerting | PrometheusRule, VMRule (alerting + recording rules) |
| Dashboards | GrafanaDashboard (inline JSON, grafana.com, URL, ConfigMap, Jsonnet) |
| Guide | Description |
|---|---|
| Argo CD | Sync waves, sync options, hook annotations |
| Hooks | Pre-install/pre-upgrade Jobs, Argo CD + Flux compatible |
| Guide | Description |
|---|---|
| Resource Quotas | LimitRange, ResourceQuota |
| Extra Resources | Escape hatch for arbitrary resources, global settings, pod settings |
- Kubernetes >= 1.28
- Helm >= 3.x
The core chart (Deployment, Service, Ingress, ConfigMap, Secret, HPA, PDB, RBAC) has zero external dependencies. Optional features require their respective operators:
| Feature | Operator | Values key | Version |
|---|---|---|---|
| Argo Rollouts | Argo Rollouts | workloadType: Rollout |
v1.6+ |
| VPA | Vertical Pod Autoscaler | autoscaling.vpa.enabled |
v1.0+ |
| KEDA autoscaling | KEDA | autoscaling.keda.enabled |
v2.12+ |
| Gateway API | Gateway API CRDs | networking.gatewayApi.routes |
v1.2+ |
| Envoy policies | Envoy Gateway | networking.gatewayApi.routes.*.policies.envoy |
v1.0+ |
| Istio mesh | Istio | networking.istio.* |
v1.20+ |
| TLS certificates | cert-manager | networking.certificates |
v1.12+ |
| External Secrets | ESO | config.externalSecrets / config.secrets.*.generate |
v0.9+ |
| Prometheus | Prometheus Operator | monitors / alerting (operator: prometheus) |
v0.70+ |
| VictoriaMetrics | VictoriaMetrics Operator | monitors / alerting (operator: victoriametrics) |
v0.44+ |
| Grafana dashboards | Grafana Operator | dashboards.grafana |
v5.22+ |
Tested configurations in ci/:
| File | Scenario |
|---|---|
minimal-values.yaml |
Simplest deployment |
deployment-values.yaml |
Deployment with ingress, HPA, monitoring |
statefulset-values.yaml |
StatefulSet with persistence |
daemonset-values.yaml |
DaemonSet with pod monitoring |
cronjob-values.yaml |
Scheduled batch job |
job-values.yaml |
One-shot job |
rollout-values.yaml |
Argo Rollout with canary strategy |
keda-values.yaml |
KEDA ScaledObject |
scaledjob-values.yaml |
KEDA ScaledJob |
full-values.yaml |
Every feature exercised |
See the fully commented values.yaml for all available options.
Apache License 2.0 -- see LICENSE.
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}