Skip to content
Back to blog
Helm helm generic-chart migration kubernetes

Migrating to the Generic Chart Breaking Platform Contract

A focused migration guide for the Generic chart breaking feature release, covering images, deterministic rollouts, validation, security, networking, storage, and CRD-backed integrations.

Maicon Berlofa | Published | 2 min read
HelmForge Generic chart migration guide

The Generic chart is becoming a broader platform contract. This release adds networking, security, storage, observability, autoscaling, Gateway API, and batch controls while tightening several defaults that were too loose for production use.

What changed

  • The default image is now docker.io/library/nginx:1.27.5 with IfNotPresent.
  • Image digests are supported globally and per container.
  • Pod templates no longer receive render-time timestamp annotations.
  • HPA is blocked for DaemonSets and requires hpa.maxReplicas.
  • PDB requires exactly one availability budget: minAvailable or maxUnavailable.
  • Optional CRD-backed resources stay disabled until explicitly enabled.

Migration checklist

  1. Set an explicit image.repository plus image.tag or image.digest for every production workload.
  2. Replace timestamp-driven restarts with rollout.restartAt or ConfigMap/Secret checksums.
  3. Review HPA and PDB values before upgrade; invalid combinations now fail early.
  4. Set service.enabled: false for batch-only releases.
  5. Enable ExternalSecret, SealedSecret, ServiceMonitor, PodMonitor, PrometheusRule, VPA, KEDA, or Gateway API only in clusters where the CRDs already exist.
  6. Review new security primitives before enabling rbac.create or networkPolicy.enabled.

Start by rendering your values locally:

helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm template my-release helmforge/generic -f values.yaml
helm upgrade --install my-release helmforge/generic -f values.yaml --dry-run --debug

Then validate in a local k3d cluster with CRD-backed integrations disabled. Enable CRD-backed integrations in a second pass only after the platform operators are present.

Why this is breaking

The chart now prefers deterministic, explicit behavior over permissive defaults. The result is a safer generic chart, but some previous values that rendered loosely will now fail fast so teams can fix the contract before the manifests reach a cluster.

References

Newsletter

Get the next post in your inbox

Join the HelmForge newsletter for Kubernetes insights, chart updates, and practical operations tips.

Subscribe to Newsletter Subscribe via RSS

Related analysis

More in Helm

Newer post

Kubernetes 1.36 Haru: Spring Cleaning for Production Clusters

Read next

Deploy MCP Servers Anywhere with FastMCP Server