How to Use Helm Charts for Go Applications

The separation of concerns

You spent three days writing a Go HTTP server. It handles requests, logs errors, and shuts down cleanly when you press Ctrl+C. Now your team needs to run it on Kubernetes. You search for Go Helm integration and find tutorials that mix go mod commands with helm install. The confusion is understandable. Helm does not read Go files. It does not compile code. It does not care about your main.go or your interface definitions. Helm is a packaging and templating system for Kubernetes manifests. Your Go code ends at the container image. Helm begins where the image starts.

Think of Helm as a mail merge for infrastructure. You write a template with placeholders. You provide a values file that fills those placeholders. Helm merges them into valid Kubernetes YAML and sends it to the cluster. The template syntax looks like Go templates because it is Go templates. Helm uses the text/template and html/template packages from the standard library under the hood. That is the only connection to Go. The rest is pure YAML and configuration management.

This separation is intentional. Go compiles to a static binary. That binary runs inside a container. Kubernetes schedules containers. Helm configures Kubernetes. Each layer has a single responsibility. Mixing them creates fragile pipelines that break when you change a dependency or update a cluster version. Keep the boundaries sharp. Build the image first. Package the deployment second.

How the template engine actually works

Here is the smallest useful Helm chart. It defines a single deployment with a configurable replica count.

# values.yaml
# Default configuration that users can override during installation
replicaCount: 2
image:
  repository: myapp
  tag: "1.0.0"

# templates/deployment.yaml
# Kubernetes Deployment manifest rendered from Go template syntax
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-server
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      containers:
        - name: server
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          ports:
            - containerPort: 8080

The {{ .Values.replicaCount }} expression pulls data from values.yaml. The {{ .Release.Name }} expression is injected automatically by Helm when you run helm install. Every template expression must be wrapped in double quotes if it appears inside a YAML string field. YAML parsers choke on unquoted curly braces.

When you run helm install my-release ./my-chart, Helm performs three steps. First, it reads Chart.yaml to verify the chart metadata. Second, it loads values.yaml and any --set flags you passed on the command line. Third, it runs the Go template engine against every file in the templates/ directory. The output is a stream of Kubernetes YAML objects. Helm sends that stream to the cluster API.

You can see the rendered output without touching a cluster by running helm template my-release ./my-chart. This dry run is essential. It catches syntax errors before they reach production. If a template expression references a missing key, the engine stops and prints template: deployment.yaml:12:25: executing "deployment.yaml" at <.Values.missingKey>: nil pointer evaluating interface {}.missingKey. The error points to the exact line and expression. Fix the values file or add a default with {{ default "fallback" .Values.missingKey }}.

Go developers often expect the compiler to catch these mistakes. Helm has no compiler. It has a renderer. The renderer fails fast, but only when you explicitly ask it to run. Treat helm template like go build. Run it before every commit.

Helm is a renderer, not a compiler. Test the output before you ship it.

A production-ready chart structure

Production charts need more than a deployment. They need services, resource limits, and graceful shutdown hooks. Here is a realistic chart structure for a Go web service.

# templates/deployment.yaml
# Production deployment with resource limits and lifecycle hooks
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-api
  labels:
    app.kubernetes.io/name: {{ .Chart.Name }}
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: api
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10

The terminationGracePeriodSeconds: 30 field matters for Go applications. Kubernetes sends SIGTERM to the container when it drains a pod. Your Go server needs time to finish in-flight requests and close database connections. If you set this too low, Kubernetes sends SIGKILL and drops active connections. If you set it too high, the pod hangs during rolling updates. Thirty seconds covers most HTTP workloads.

Go convention dictates that long-running services respect context cancellation. Map the OS signal to a context.Context and pass it to your database drivers and HTTP server. The deployment manifest handles the outer lifecycle. Your Go code handles the inner shutdown sequence. They work together when both sides follow their respective contracts.

Here is the matching service definition. It exposes the deployment to internal cluster traffic.

# templates/service.yaml
# ClusterIP service routing traffic to the deployment pods
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-svc
  labels:
    app: {{ .Release.Name }}
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  selector:
    app: {{ .Release.Name }}

The selector field must match the pod labels in the deployment template. Kubernetes uses this match to route traffic. If the labels drift, the service stops receiving requests. Keep the label key consistent across all template files. Use {{ .Release.Name }} to namespace the labels automatically.

Go handles the application lifecycle. Helm handles the cluster lifecycle. Keep them separate.

Where charts break and how to fix them

Helm charts fail in predictable ways. The most common mistake is treating templates like static YAML. You change a value in values.yaml and expect the cluster to update automatically. It does not. You must run helm upgrade. Forgetting to upgrade leaves the old manifest running while your values file drifts. Use helm upgrade --install to handle both new releases and updates with a single command.

Another trap is unquoted template expressions inside YAML strings. YAML treats : and { as structural characters. If you write image: {{ .Values.image.repository }}:{{ .Values.image.tag }} without quotes, the parser throws yaml: line 15: mapping values are not allowed in this context. Always wrap template expressions in double quotes when they appear in string fields.

Secret management trips up beginners. Helm does not encrypt values at rest. If you put database passwords in values.yaml, they live in your Git repository as plain text. Use --set flags for sensitive data, or integrate a secrets operator. Never commit credentials to a chart repository.

Template functions also have quirks. The include function injects YAML snippets but adds a trailing newline. If you nest includes, you get blank lines that break strict YAML parsers. Use {{- include "helpers.labels" . | nindent 12 }} to trim whitespace and control indentation. The leading - in {{- strips whitespace before the expression. The trailing - in }}- strips whitespace after. Mastering whitespace control separates working charts from broken ones.

Debugging a deployed chart requires knowing where to look. Run helm status my-release to see the current release history and resource names. Run helm get values my-release to see exactly which values were applied. If a pod crashes, check the rendered manifest with helm get manifest my-release. Compare it against your local helm template output. The difference is usually a missing --set flag or a typo in the values file.

Go developers are used to gofmt enforcing a single style. Helm has no equivalent formatter. The community relies on helm lint and helm template for validation. Run them in your CI pipeline. Treat a failed lint run like a failed go vet. The boilerplate is unavoidable, but it keeps your deployments predictable.

Whitespace control is the difference between a working chart and a parsing error.

Choosing the right packaging tool

Use plain Kubernetes YAML when you have a single service with fixed configuration and no need for environment overrides. Use Helm when you deploy the same application across multiple environments and need to swap values without rewriting manifests. Use Kustomize when you want to patch and overlay existing YAML without learning a templating language. Use a Kubernetes Operator when your application requires custom reconciliation logic, stateful sidecars, or domain-specific lifecycle management. Use plain sequential code when you don't need concurrency: the simplest thing that works is usually the right thing.

Where to go next

• How to Build a Minimal Docker Image for Go (scratch, distroless, alpine)
• How to Handle Go Module Cache in Docker Builds
• How to Build a Kubernetes Operator in Go

Helm is a tool that helps you install and manage applications on Kubernetes clusters. Think of it like an app store for your server infrastructure, where you define how your Go program should run in a reusable package. You use it to deploy your compiled Go code into a running environment without manually writing complex configuration files every time.