dtsong/helm-generation
skills/helm-generation/SKILL.md
Use when creating Helm values.yaml files, converting docker-compose to Helm, or reviewing Helm configurations. Produces minimal-diff values that only override chart defaults. Triggers on 'helm values', 'create values.yaml', 'deploy to kubernetes'.
$ install --global
skillsauthnpx skillsauth add dtsong/my-claude-setup helm-generationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 4:56 AM117.5s1 file scanned
SKILL.md
- name:
- helm-generation
- description:
- Use when creating Helm values.yaml files, converting docker-compose to Helm, or reviewing Helm configurations. Produces minimal-diff values that only override chart defaults. Triggers on 'helm values', 'create values.yaml', 'deploy to kubernetes'.
Helm Values Generation Skill
Generate Helm values files that only override necessary defaults.
Core Principles
- Minimal diff: Output ONLY values that differ from chart defaults
- Proper types: Booleans as booleans, not strings
- Constraint validation: Verify values against chart's allowed options
- CLI args for metadata:
name/namespaceare CLI args, not values - Verification-first: Read chart defaults before generating
Process
Step 1: Analyze Chart
Before generating values, understand the chart:
# Get chart info
helm show values <chart> [--version <version>]
# Or for OCI charts
helm show values oci://registry/chart
# Check chart README for constraints
helm show readme <chart>
Gather:
[ ] Default values identified
[ ] Required values (no defaults) identified
[ ] Value constraints documented (enums, ranges)
[ ] Chart version pinned
Step 2: Generate Values
Structure:
# values.yaml
# Only override what differs from defaults
# Example: Overriding replica count (default: 1)
replicaCount: 3
# Example: Overriding image (default: nginx:latest)
image:
repository: myregistry/myapp
tag: "1.2.3" # Quotes for version strings
# Example: Boolean (NOT "true" string)
autoscaling:
enabled: true
What to EXCLUDE:
- Values matching chart defaults
name:ornamespace:(usehelm install <name> -n <ns>)- Commented-out defaults
- Redundant nested keys
Step 3: Type Handling
| YAML Type | Example | Common Mistake |
|-----------|---------|----------------|
| Boolean | enabled: true | enabled: "true" |
| Integer | replicas: 3 | replicas: "3" |
| String version | tag: "1.2.3" | tag: 1.2.3 (parsed as float) |
| Null | value: null | value: "" |
| List | - item | Forgetting - |
Step 4: Validation
# Lint values
helm lint <chart> -f values.yaml
# Template to verify
helm template <release> <chart> -f values.yaml
# Dry-run install
helm install <release> <chart> -f values.yaml --dry-run
Common Chart Patterns
Ingress:
ingress:
enabled: true
className: nginx
hosts:
- host: app.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: app-tls
hosts:
- app.example.com
Resources:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
Service Account (with IRSA/Workload Identity):
serviceAccount:
create: true
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/ROLE
Gotchas
tag: 1.2.3without quotes is parsed as a float (1.2) then truncated — always quote version strings:tag: "1.2.3"enabled: "true"is a string, not a boolean — Helm templates checkingif .Values.enabledwill always be true (non-empty string)- Including
name:ornamespace:in values.yaml has no effect — these are CLI args:helm install <name> -n <ns> helm upgradewithout--installfails if the release doesn't exist — usehelm upgrade --installfor idempotent deployments- Copying all chart defaults with minor changes makes diffs unreadable and breaks on chart upgrades — only override what differs
- OCI-based charts (
oci://) requirehelm registry loginfirst — authentication errors are cryptic
Anti-patterns to Avoid
- Including
name:ornamespace:in values - Copying all defaults with minor changes
- String booleans:
"true"instead oftrue - Unquoted version strings that look like numbers
- Hardcoded secrets (use external-secrets, sealed-secrets, etc.)
- Values that don't exist in the chart schema
Output Format
When generating values, output:
- Chart analysis: What chart, version, key constraints
- Values file: Only overridden values with comments
- Install command: Full helm install/upgrade command
- Validation command: How to verify before applying
- Notes: Any external dependencies (secrets, CRDs, etc.)
Example Workflow
User: "Generate Helm values for nginx-ingress"
Response:
# values.yaml for ingress-nginx
# Chart: ingress-nginx/ingress-nginx v4.10.0
# Only non-default values shown
controller:
replicaCount: 2
resources:
requests:
cpu: 100m
memory: 90Mi
limits:
cpu: 500m
memory: 256Mi
service:
type: LoadBalancer
# Install command
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
-f values.yaml
# Verify
helm template ingress-nginx ingress-nginx/ingress-nginx -f values.yaml | kubectl apply --dry-run=client -f -
Related Skills
dtsong/workflow
development
VerifiedTrustedCommunity
Use when planning implementation steps, deciding commit format, or structuring development approach. Provides brainstorm-plan-implement flow with conventional commits. Triggers on 'how should I approach this', 'commit format'.
4SKILL.mdUpdated Apr 28, 2026
dtsong/web-security-hardening
development
VerifiedTrustedCommunity
Security audit checklist for web applications. Use when reviewing, auditing, or hardening a web app's security posture. Covers rate limiting, auth headers, IP blocking, CORS, security middleware, input validation, file upload limits, ORM usage, and password hashing. Triggers on requests like "review security", "harden this app", "security audit", "check for vulnerabilities", or when building/reviewing API endpoints.
4SKILL.mdUpdated Apr 28, 2026
dtsong/web-design-guidelines
development
VerifiedTrustedCommunity
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
4SKILL.mdUpdated Apr 28, 2026
dtsong/vercel-react-best-practices
development
VerifiedTrustedCommunity
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
4SKILL.mdUpdated Apr 28, 2026