Master Helm 4—whether you’re starting fresh or upgrading from Helm 3.
Helm 4 is the first major version of Helm in six years. Released in November 2025 at KubeCon, it brings a redesigned plugin system, server-side apply, enhanced OCI support, improved resource monitoring, and significant architectural changes that open the door to a new generation of capabilities.
This course covers Helm 4 completely. If you’re brand new to Helm, you’ll learn everything from scratch. If you’re already running Helm 3 in production, dedicated migration sections tell you exactly what changed, what to test, and how to upgrade safely.
No gaps. No assumptions. Just Helm 4, done right.
Who This Course Is For
- New Helm users who want to learn the current version from day one
- Helm 3 users who need to understand what changed and how to migrate
- Platform engineers and DevOps practitioners managing Kubernetes deployments at scale
- Developers who work with Kubernetes and want to package and ship applications with Helm
- CI/CD engineers building automated deployment pipelines
Whether you’ve never typed
helm installor you’ve been running Helm in production for years, this course meets you where you are.
What You’ll Get
- ~2 hours of focused, practical video content
- Complete coverage of Helm 4’s new features and architecture
- Dedicated sections for Helm 3 users covering every breaking change
- Hands-on demonstrations with real charts and clusters
- Migration checklist for production Helm 3 environments
What This Course Covers
1. Helm Fundamentals (Start Here)
Before anything else, this section builds a solid foundation in how Helm works—designed for new users, but a useful refresh for anyone upgrading.
You’ll learn:
- What Helm is and what problem it solves in the Kubernetes ecosystem
- Core concepts: charts, releases, repositories, and the Helm lifecycle
- Installing Helm 4 and configuring your environment
- Your first
helm install,helm upgrade, andhelm uninstall - How Helm interacts with Kubernetes under the hood
By the end, you’ll have a working mental model of Helm that everything else builds on.
Helm 3 users: The fundamentals haven’t changed—feel free to skim or skip ahead to the What’s New sections.
2. Charts: Structure, Templates, and Values
Charts are the heart of Helm. This section covers how they’re built, how they work, and how to write your own.
We cover:
- The anatomy of a Helm chart:
Chart.yaml,values.yaml, templates, helpers - Writing Go templates for Kubernetes manifests
- Using
values.yamleffectively and overriding values at install time - Helm’s built-in template functions and the Sprig library
- New in Helm 4: multi-document values files for managing complex environment configurations
- New in Helm 4: custom template functions via plugins
You’ll go from reading charts to writing them—with a clear understanding of what every file does.
Helm 3 users: Multi-document values and custom template functions are net-new—make sure to cover those subsections.
3. The New Plugin System
Helm 4 completely redesigned its plugin architecture. This is one of the most significant changes in the new version—and one of the most powerful.
This section covers:
- Helm’s three plugin types: CLI plugins, getter plugins, and post-renderer plugins
- New in Helm 4: The optional WebAssembly-based plugin runtime for enhanced security and broader capabilities
- How to install and use existing plugins
- Writing your own Wasm-based plugin
- Breaking change: Post-renderers are now plugins—executable post-renderers are no longer supported directly; a plugin name must be passed instead
Helm 3 users: If you use post-renderers in your pipelines, this section is critical. Your existing workflows will need to be updated.
4. Server-Side Apply
Helm 4 introduces server-side apply (SSA) as the default for new releases—a significant behavioral change with real implications for how Helm manages resources.
You’ll learn:
- What server-side apply is and how it differs from client-side apply
- Why SSA improves conflict resolution in environments with operators, GitOps tools, or multiple controllers
- How Helm 4’s “latching” behavior works: new releases default to SSA; upgraded Helm 3 releases retain client-side apply by default
- How to explicitly override apply behavior with
--server-side - Testing SSA in your environment before committing to it
Helm 3 users: Existing releases migrated from Helm 3 will default to client-side apply—this section explains exactly how and when SSA kicks in, and how to control it.
5. Enhanced OCI Support
OCI registries are now a first-class citizen in Helm 4, with expanded support for modern supply chain security practices.
This section covers:
- How Helm 4’s OCI registry support works end to end
- New in Helm 4: Installing charts by digest (
sha256:...) for reproducible, tamper-evident deployments - Breaking change:
helm registry loginnow requires a domain name only—full URLs are no longer accepted - Improved OAuth and token-based authentication for private registries
- Pulling charts from OCI indices that contain both container images and Helm charts
Helm 3 users: Update any scripts or CI jobs that call
helm registry loginwith full URLs.
6. Resource Monitoring and Release Lifecycle
Helm 4 significantly improves how it watches and waits for Kubernetes resources, making deployments more reliable and observable.
We cover:
- The new kstatus-based watcher and how it provides richer, more accurate resource status
- How
--waitnow supports explicit strategy selection, including--wait=hookOnly - Better timeout handling: no more SDK timeout errors when timeout is not specified
- Understanding
FailedStatusand how Helm 4 avoids premature failure on transient states - The renamed CLI flags:
--atomic→--rollback-on-failure,--force→--force-replace - Release history, rollback, and how
--keep-historynow correctly suspends previous deployed releases
Helm 3 users: The renamed flags are a common source of CI/CD breakage after upgrading—test all your pipelines before going to production.
7. Working with Repositories and Dependencies
Managing chart sources and dependencies is a core part of working with Helm at scale. This section covers both the basics and Helm 4 improvements.
You’ll learn:
- Adding and managing chart repositories
- Defining chart dependencies in
Chart.yaml - New in Helm 4: Concurrent dependency builds with atomic file writes (faster, safer)
- Content-based chart caching for faster repeated operations
- The
--no-headersflag forhelm repo list—useful for scripting and automation
8. Migrating from Helm 3 to Helm 4
This section is specifically for teams running Helm 3 in production.
A structured, end-to-end walkthrough of what you need to do to upgrade safely.
We cover:
- A complete inventory of breaking changes and what they mean for your setup
- Testing existing charts and releases against Helm 4 before cutting over
- Validating all three plugin types (CLI, getter, post-renderer)
- Updating CI/CD pipelines for renamed CLI flags
- Testing OCI workflows and registry authentication changes
- Handling post-renderer migrations
- What’s staying in Helm 3 during the support window (bug fixes until July 2026, security fixes until November 2026)
- A practical upgrade checklist you can run against your own environment
Helm 4 maintains backwards compatibility for charts—v2 charts continue to work unchanged. This section focuses on tooling, pipelines, and behavioral changes.
9. Advanced Helm 4 Patterns
Once you’re comfortable with the core, this section covers how to use Helm 4 effectively in real production environments.
Topics include:
- Structuring multi-environment deployments with multi-document values
- Using the stable SDK API for programmatic Helm operations
- Integrating Helm 4 into GitOps workflows
- Securing your supply chain with digest-based chart installs
- Performance tuning: content-based caching, concurrent dependency builds, and large-chart behavior
- Debugging with improved error messages and kstatus output
About the Instructor
Jay Vilalta is a software engineering leader with deep experience in Kubernetes, cloud infrastructure, and DevOps tooling. He has built and operated Helm-based deployment systems across cloud-native environments ranging from early-stage startups to enterprise platforms.
This course reflects hands-on experience with Helm across multiple major versions—including the transition from Helm 2 to Helm 3, and now the move to Helm 4.