Helm is the package manager many Kubernetes teams use to install software with one command and a values file per environment. IBM MQ on Kubernetes is rarely a single Deployment manifest in real enterprises—you install the MQ Operator, cert-manager dependencies, or sample queue managers from charts published or mirrored internally, then promote the same chart version from development clusters to production with only values changing. Helm charts bundle templates (StatefulSet, Service, QueueManager CR, RBAC) with defaults; values.yaml supplies image tag, storage class, queue manager name, and resource limits. Beginners treat helm upgrade like apt upgrade without reading what changed in the chart templates and wake up to new default probes that restart pods during peak batch. This tutorial explains chart structure, installing and upgrading releases, managing secrets safely, multi-environment values patterns, relationship between Helm and the MQ Operator, rollback and revision history, linting and testing charts in CI, and anti-patterns such as storing LICENSE accept as the only security control.
Chart.yaml names version and appVersion (often MQ fix pack). templates/ holds Go-templated YAML with placeholders like Values.queueManager.name. values.yaml documents defaults. charts/ may vendor subcharts for dependencies. _helpers.tpl defines reusable labels for consistent selectors. Understanding which fields are templated prevents editing generated manifests by hand after install—Helm overwrites on upgrade.
| Value key | Purpose | Example |
|---|---|---|
| image.tag | MQ container fix pack | 9.4.0.0-r1 |
| license.accept | LICENSE env gate | true maps to accept |
| persistence.size | PVC request | 100Gi |
| resources.limits.memory | Pod cap | 2Gi |
12345678910111213helm repo add ibm-mq https://example.com/charts # use your IBM or mirror URL helm repo update helm install finance-qm ibm-mq/queuemanager \ --namespace mq-prod --create-namespace \ -f values-prod.yaml helm upgrade finance-qm ibm-mq/queuemanager \ --namespace mq-prod \ -f values-prod.yaml helm history finance-qm -n mq-prod helm rollback finance-qm 2 -n mq-prod
install creates release revision 1. upgrade creates revision 2 with changed templates. history shows what changed; rollback applies prior manifest snapshot—not a substitute for PVC backup if upgrade corrupted config. Use --dry-run and diff plugins in CI to preview changes.
values-dev.yaml small storage and MQ_DEV-friendly settings. values-prod.yaml larger PVC, stricter resources, production image digest pin. Never fork the chart per environment—fork values only. Global section can set cluster name labels for multi-cluster GitOps. Consider helmfile to orchestrate multiple releases if you run operator plus cert-manager plus QueueManager charts in order.
Helm is a recipe binder: templates are blank forms, values.yaml fills in serving size and oven temperature for your kitchen (cluster). helm install prints the finished recipe card to the kitchen staff (Kubernetes API).
One pattern: Helm installs operator subscription and CRDs once per cluster. Second chart or second values file creates QueueManager CR instances per application. Another pattern: single umbrella chart depends on operator subchart. Align chart versions in Chart.yaml dependencies with IBM compatibility matrix. Upgrading operator chart may require upgrading CRD schema—read release notes.
Helm release failed — helm status shows failed hook or resource; kubectl describe failing object. Wrong image — values override ignored because wrong key path in YAML indentation. PVC not binding — storage class in values does not exist on cluster. Orphan resources after uninstall — chart did not include PVC in release retention policy; set resource-policy keep annotation if needed.
Helm charts are coloring book pages with numbers showing which colors to use. Your values file picks red or blue so each classroom (cluster) gets the same picture with different colors.
helm install MQ in lab; change image tag in values; helm upgrade; verify revision history.
Run helm template and list every Secret reference.
Practice helm rollback after intentional bad values change in dev.
1. values.yaml overrides:
2. helm rollback:
3. Secrets in Git should be:
4. A Helm release is: