Helm and Terraform are two popular DevOps tools that are used to manage infrastructure and apps. They both provide tools for automating your operations, but they each focus on different use cases.
Terraform is a leading IaC tool that’s used to automate infrastructure provisioning activities. It’s typically used by operations teams to manage cloud resources including Kubernetes clusters. On the other hand, Helm is a Kubernetes-specific tool that makes it easier to install apps in a cluster by applying package manager principles.
In this article, we’ll explain the features of both Helm and Terraform and then look at their similarities and differences. We’ll finish up by explaining when each tool should be used, including how they can work together.
We will cover:
Terraform is an Infrastructure as Code (IaC) tool that’s used to automate infrastructure provisioning and management tasks. It allows you to define what your infrastructure should look like by configuring a desired state in Hashicorp Configuration Language (HCL) config files. You can then apply that state to have Terraform automatically create, modify, and remove infrastructure resources as required.
Key features of Terraform
Terraform is a feature-filled tool that can be used to automate almost any part of infrastructure management. It uses a plugin-based architecture that makes it easy to extend with connections to different infrastructure providers and resource types.
Here are some of its key features:
- Works across cloud environments: Terraform is cloud-agnostic. All major services have well-supported Terraform providers, and you can use community or custom plugins to work with any environment you use.
- Automates complex infrastructure changes: Terraform allows you to automate operations that would normally require complex manual processes. This saves time, frees up engineers to focus on development, and helps to prevent mistakes.
- Supports declarative configuration: Terraform uses a declarative configuration model. Developers don’t need to instruct Terraform how to carry out each change—instead, you just define what the end result should be, then let Terraform work out which actions are required.
- Automatic drift detection: Terraform has built-in drift detection capabilities that ensure your infrastructure matches the state you’ve defined in your config files. If discrepancies occur—perhaps because a resource has been manually altered—then it can automatically restore the desired state.
- Supports immutable infrastructure: You can use Terraform to implement immutable infrastructure architectures, where resources never change after they’re created. Instead of changing servers in-place, you can easily create new resources, then remove the old ones. This reduces risk and makes it easier to reason about your infrastructure’s current state.
- Plan before you apply: Infrastructure changes are inherently risky activities. Terraform lets you produce a plan of required actions before you actually apply them, allowing you to see what will happen and make any required adjustments.
In summary, Terraform gives you everything you need to automate cloud resource management through IaC. Read more about managing IaC with Terraform.
When to use Terraform?
Terraform is suitable for DevOps teams that are looking for a cloud infrastructure automation tool. It allows you to create your environments from config files you can version alongside your code. This aids collaboration, maintainability, and service restoration in the event a change causes problems.
Tasks such as setting up cloud servers, applying network and security policies, and provisioning storage volumes can all be handled using Terraform. In fact, most resources supported by your cloud provider are available to create with Terraform—including higher-level objects such as Kubernetes clusters. Using Terraform for these tasks ensures your infrastructure is consistent and easy to replicate for additional instances, such as development sandboxes.
Note: New versions of Terraform are placed under the BUSL license, but everything created before version 1.5.x stays open-source. OpenTofu is an open-source version of Terraform that expands on Terraform’s existing concepts and offerings. It is a viable alternative to HashiCorp’s Terraform, being forked from Terraform version 1.5.6.
Helm is a package manager for Kubernetes. It simplifies the process of installing, updating, and managing applications within your clusters. Helm Charts—the Helm packaging format—encapsulate all the Kubernetes objects an app requires, in addition to any dependencies that need to be installed first.
See also: How to deploy Helm charts with ArgoCD.
Key features of Helm
Helm is best seen as a Kubernetes-native packaging solution that you can use to define, publish, and install cluster applications. Its features span all three of these functional areas, providing valuable DevOps capabilities that are missing from standard Kubernetes:
- Package apps to install in Kubernetes: Helm Charts let you package and distribute your app’s Kubernetes manifests. Anyone can easily install your app in their cluster, without having to apply the manifest files individually.
- Supports application dependencies: Charts can have dependency relationships, allowing you to specify that another app installation is required before yours will work. Helm automatically installs dependencies when your chart is applied.
- Upgrade and rollback app releases: Helm performs seamless in-place upgrades of the apps in your cluster. After chart updates are published, you can use Helm to apply the new release and automatically add, replace, and remove affected resources in your cluster.
- Provides variables and customization capabilities: Helm supports templating of your Kubernetes manifests and allows users to override variables when installing charts. This simplifies application configuration and provides more customization opportunities.
- Logs your chart install history: Helm automatically tracks the chart releases that you’ve installed. You can see when apps were added and updated, monitor their versions, and easily inspect the final Kubernetes manifest YAML that was applied.
- Easily remove apps and clean your cluster: Helm also makes it easy to remove apps from your cluster. Instead of having to manually clean up objects or refer to individual manifest files, Helm lets you uninstall chart releases with one command. It will automatically delete all the Kubernetes objects.
Helm is, therefore a complete solution for managing Kubernetes apps with all their components and dependencies.
When to use Helm?
Helm is designed to simplify the app management experience for Kubernetes operators. It reduces complexity by providing the packaging capabilities that are absent from Kubernetes by default.
You should use Helm in situations where you want to bundle your app’s Kubernetes resources and make them easily installable—with configurable values—in any Kubernetes cluster. Helm will manage your app’s entire lifecycle for you, including updates and rollbacks.
Moreover, Helm makes Kubernetes more approachable for developers who might have less experience with Kubectl commands and Kubernetes manifest interactions. You can install complex apps from Helm charts using a single command without necessarily understanding all the details of the objects that are added to your cluster.
Check out also – Kustomize vs. Helm comparison.
Helm vs. Terraform solve different problems, but they do so in similar ways. This can create some confusion over which to use.
1. Declarative configuration
Both tools use declarative configuration to achieve your desired state without making you spell out exactly what needs to change. In the case of Terraform, your infrastructure is made to match your state files; for Helm, you’ll get an app deployment that matches the contents of your chart’s Kubernetes manifests.
2. Modularity and customization support
Helm and Terraform also offer good modularity and customization support, albeit in slightly different ways. It’s possible to compose charts and state files out of smaller, reusable components, which improve maintainability. You can also easily customize your configurations at the point they’re applied, ensuring they can be adapted to different environments.
3. Automation
The two systems both automate aspects of your provisioning and deployment systems. They remove the complexity from processes that were previously time-consuming, error-prone affairs, while making it possible to easily replicate deployments across multiple environments.
The biggest difference between Terraform and Helm is the types of infrastructure that they manage:
- Terraform can be used to provision all types of infrastructure using its generic provider and resource model.
- Helm is specifically used to deploy apps into existing Kubernetes clusters. It can’t create the cluster for you.
This distinction should inform you of which tool to use in most circumstances: if you’re only using Kubernetes, then Helm might suffice. But if you need to create arbitrary infrastructure in your cloud accounts, then Terraform provides the tools to do so.
Here are a few more of the differences.
1. Support for Kubernetes
Helm is specifically built for Kubernetes. It can only be used with Kubernetes and supports all of the orchestrator’s features, including native support for Kubernetes YAML manifests. However, Helm can only manage objects inside clusters, not the clusters themselves.
Terraform is not a Kubernetes-specific tool, but its official Kubernetes Provider can be used to interact with all Kubernetes resources. However, you’ll need to use Terraform’s HCL config language to create them, as Terraform doesn’t natively understand regular Kubernetes YAML files. This makes the learning curve a little steeper for developers with good Kubernetes knowledge but little Terraform experience.
It’s also possible to use Terraform to create and manage your clusters, not just the objects inside them. This is enabled through Providers that interface with your cloud services to create new managed clusters or by writing scripts that manually create new compute resources, start the Kubernetes control plane, and register worker nodes.
2. Rollbacks
One of the big differences between the tools concerns how rollbacks are handled. Helm makes it very easy to rollback to a previous version of a chart installation using the dedicated helm rollback
command. It will automatically restore the cluster’s state, reducing the time required to mitigate issues.
Terraform doesn’t include a built-in way to roll back incorrect changes. Instead, you’re advised to restore by rolling forwards instead. In practice, this means you must check the previous versions of your state files from your source repository and then re-apply them using Terraform. Overall, the process is more complex and less reliable than Helm, as some operations can’t always be reverted—such as if you’ve deleted a storage volume.
3. Drift detection
Terraform includes built-in drift detection capabilities. Each time you run a plan or apply your configuration, Terraform will detect and report any discrepancies in your deployed infrastructure. You can also manually check for drift using the terraform refresh
command.
Helm doesn’t have anything comparable to these features. It won’t automatically spot drift in your deployed apps, and there’s no straightforward way to run a manual check. You need to retrieve the YAML manifest that Helm generated and then compare it to what’s running in your cluster. This is typically a much more time-consuming process.
4. Integrations
Helm is extensible, using plugins that can be written in any programming language. The number of plugins available is relatively low, but useful options allow you to visualize releases on a dashboard, manage secrets, and easily work with multiple chart releases. In practice, most of Helm’s functionality is included with the tool, so plugins are primarily adding extra convenience.
Terraform’s approach is different because the tool relies on plugins. Plugins are used to interface with infrastructure services such as cloud providers, so they’re a vital part of the Terraform experience. Fortunately, plugin management is usually quite transparent, as Terraform automatically discovers and downloads the plugins it needs to apply your state files.
Need a quick guide to the features and differences of Helm and Terraform? Here’s a handy comparison table you can reference.
Helm and Terraform can be combined to further enhance your workflows. When trying to use both tools together, it’s important to understand which way data flows:
- Terraform is a general-purpose IaC tool.
- Helm is a Kubernetes-specific package manager.
Therefore, you can include Helm interactions in your Terraform state files, but it’s not possible to utilize Terraform within a Helm chart.
The easiest way to integrate Helm and Terraform is with Terraform’s official Helm Provider. This allows you to install and configure Helm charts as part of your Terraform plans. By doing so, you can fully automate your entire deployment process, from an empty cloud provider through to a functioning installation of your app:
- Terraform provisions relevant infrastructure in your cloud account, such as by creating a Kubernetes cluster.
- The Helm Provider then deploys your app’s Helm chart into the new cluster, pushing your service live.
This allows simple, reproducible deploys onto fresh infrastructure—ideal when migrating between platforms, performing disaster recovery, or setting up development environments.
Simply put, it depends on which DevOps tools and workflows you’re using.
Both Terraform and Helm are useful utilities that automate key infrastructure and app management operations. However, while they can be used in a complementary way, they’re positioned adjacent to each other and have different intended use cases.
Use Terraform to automate infrastructure provisioning tasks, such as creating compute nodes, storage volumes, and network resources in your cloud accounts. Choose Helm when you’re working with an existing Kubernetes cluster and need to manage the apps deployed inside it. You won’t need to use Helm if you don’t have any Kubernetes clusters in your infrastructure.
As we’ve outlined above, it’s also possible to combine Terraform and Helm—making the answer to which you should use “both,” but only if you’re deploying to Kubernetes. In this scenario, you use Terraform to create the infrastructure that runs the cluster, then invoke Helm to deploy your apps.
We’ve walked through the key features of Terraform and Helm and seen the ways in which they differ and overlap. You should now have an improved understanding of the situations to which both tools apply, allowing you to develop more powerful DevOps workflows.
We encourage you also to explore how Spacelift makes it easy to work with Terraform. If you need any help managing your Terraform infrastructure, building more complex workflows based on Terraform, and managing AWS credentials per run, instead of using a static pair on your local machine, Spacelift is a fantastic tool for this. It supports Git workflows, policy as code, programmatic configuration, context sharing, drift detection, and many more great features right out of the box. You can check it for free, by creating a trial account.
Manage Terraform Better and Faster
If you are struggling with Terraform automation and management, check out Spacelift. It helps you manage Terraform state, build more complex workflows, and adds several must-have capabilities for end-to-end infrastructure management.