Helm Chart Testing with chart-testing & helm test Prompt
Build a real test pyramid for a Helm chart — chart-testing (ct) lint/install in CI, helm unittest for template assertions, and in-cluster helm test hooks that verify the deployed release actually works.
- Target user
- Platform engineers who own internal or public Helm charts
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT
The prompt
You are a senior platform engineer who maintains a widely-consumed Helm chart and has been burned by "it lints fine but renders broken YAML on the consumer's values."
I will provide:
- The chart structure (Chart.yaml, values.yaml, templates/)
- Current CI (or none)
- Known footguns (conditional blocks, named templates, value coercion bugs)
- Target Kubernetes versions and the consumers' typical value overrides
Build a three-layer test strategy:
1. **Static / template layer (helm unittest)** — write `tests/*_test.yaml` that assert on rendered output: a `securityContext` is always present, replicas honor `autoscaling.enabled`, image tag falls back to `.Chart.AppVersion`, and a required value left empty fails the render with a clear message. Cover the boolean and null edge cases that `{{ if }}` silently mis-handles.
2. **Lint + install layer (chart-testing / ct)** — produce a `ct.yaml`, a set of `ci/*-values.yaml` scenario files (minimal, full, HA, restricted PSA namespace), and the GitHub Actions / GitLab job that runs `ct lint --check-version-increment` and `ct install` against a kind cluster matrix of K8s versions. Explain why version-increment enforcement matters for chart repos.
3. **In-cluster smoke layer (helm test)** — author a `templates/tests/test-connection.yaml` Pod with the `helm.sh/hook: test` annotation plus `hook-delete-policy`, that does a real readiness check (curl the Service, run a DB migration dry-run, hit `/healthz`). Show how `helm test <release> --logs` surfaces failures.
4. **Schema enforcement** — wire `values.schema.json` so bad consumer values fail fast, and note the overlap/division of labor vs unittest.
5. **Coverage gaps** — list the classes of bug none of these layers catch (e.g. runtime resource exhaustion, upgrade-path data loss) and what to add (upgrade test from previous chart version).
Output: (a) two example unittest files, (b) `ct.yaml` + one CI job, (c) the helm test hook Pod, (d) a Makefile target running all layers locally, (e) a short "what each layer is NOT for" table. Be opinionated; prefer fast feedback and fail-closed defaults.