Helm 4: Revolutionizing Kubernetes Package Management
After six long years, Helm, the Kubernetes application package manager, has finally unveiled its major upgrade, Helm 4.0.0. This release not only marks a decade of Helm's journey under the CNCF's guidance but also brings a host of exciting improvements and a fresh perspective to the world of Kubernetes.
Helm 4's SDK is packed with enhancements, making integration and development a breeze. It adopts modern Go logging interfaces, enabling multi-logger support and the embedding of Helm's functionality directly into other applications. Additionally, Helm 4 now supports server-side apply, a Kubernetes feature that shifts the logic from kubectl apply to the API server, reflecting a broader trend in the Kubernetes ecosystem.
But here's where it gets controversial... The plugin system has undergone a complete rebuild, allowing users to write plugins in WebAssembly (WASM) for enhanced portability. However, the traditional Helm plugins still function, providing a smooth transition for existing users. Furthermore, chart distribution, performance, and chart signing and testing automation have all seen significant improvements.
And this is the part most people miss... These changes aren't just about adding new features; they're about addressing design debt accumulated during the Helm v3 era, as highlighted by co-founder Rimantas Mocevicius in his blog post. The Helm Improvement Proposal (HIP-0012) guided this release, setting a clear schedule and emphasizing the careful introduction of breaking changes alongside feature development.
From a user's perspective, Jimmy Song's blog post captures the essence of Helm 4's modernization. He suggests that with the addition of server-side apply (SSA), Helm aligns more closely with GitOps methods, bringing it up to speed with modern Kubernetes practices. Song believes that Helm is evolving from a mere chart renderer to a powerful deployment orchestrator.
One of the most contentious issues in the Helm ecosystem revolves around Custom Resource Definitions (CRDs). A proposal for more robust CRD updating behavior, including merging new versions and ensuring backward compatibility, has been submitted but not yet incorporated into Helm 4. Existing documentation warns that updated CRDs in the crds folder are skipped, causing concerns among users.
Community feedback reflects a sense of disappointment, with users expressing their frustration on Reddit. One user commented, "Still no improvements on the CRD front? ::(", highlighting Helm's inability to safely manage CRD lifecycles. Another user shared their organization's reliance on annotation-based CRDs, emphasizing the non-trivial nature of adapting to any changes in Helm's CRD logic.
Heinan Cabouly's commentary adds another layer to the discussion, arguing that GitOps tools like Argo CD had already addressed some of Helm's workflow gaps years ago. While Helm 4 is a significant milestone, it feels more like a catch-up than a reinvention, according to Cabouly.
Despite these controversies, practitioners and bloggers have praised Helm 4's deployment safety improvements, particularly the new readiness-based controls that reduce race conditions during rollouts. Pierre-Louis Gueugnon, writing for Enix, applauds the smarter chart cache and performance enhancements, viewing them as practical quality-of-life upgrades for frequent, large-scale deployments.
Looking ahead, the Helm maintainers have indicated that features not initially adopted for v4 may find their way into minor releases or even Helm 5. The community eagerly awaits the day when CRD upgrades become safe, stable, and well-documented, paving the way for broader adoption.
About the Author
Matt Saunders
