Last checked and updated on 04 May 2026
What Is New in Helm 2.3 – Summary Table
| Category | Key Additions |
|---|---|
| New Features |
|
| Improvements |
|
| Bug Fixes |
|
| Security |
|
| Deprecated |
|
How does the Helm Plugin Manager change extension handling?
Helm 2.3 adds a built‑in plugin manager, letting you install, list, and remove plugins with a single command.
$ helm plugin install https://github.com/adamreese/helm-last
$ helm plugin list
$ helm plugin remove last
In practice this reduces the friction of adding community tools such as diff or lint helpers. Plugin developers also gain lifecycle hooks for install and removal, making complex setups easier to automate.
What new template functions are available and why do they matter?
Two notable functions were introduced: required to enforce mandatory values, and toToml for direct TOML conversion.
# Example of required
{{ required "database.password is required" .Values.database.password }}
# Convert a map to TOML
{{ toToml .Values.config }}
These functions simplify validation and ConfigMap generation, especially when you need non‑YAML formats. Sprig was also upgraded, adding dozens of flow‑control helpers.
How can child chart values be hoisted to the parent?
Helm 2.3 lets a parent chart import specific values from its sub‑charts via the requirements.yaml import-values section.
# requirements.yaml (parent)
dependencies:
- name: redis
version: 3.2.1
repository: https://example.com/charts
import-values:
- child: redis
parent: redisConfig
This removes the need for manual value duplication and keeps configuration DRY, which is crucial for large umbrella charts.
What does TLS support between Helm and Tiller enable?
Version 2.3 adds TLS encryption for the gRPC channel that Helm uses to talk to Tiller, protecting credentials and chart data in transit.
# Initialise with TLS
$ helm init --tiller-tls-verify --tiller-tls-ca-cert ca.crt \
--tiller-tls-cert server.crt --tiller-tls-key server.key
Enabling TLS is a single‑line change that satisfies security policies for many enterprises without altering existing chart logic.
What other hook and metadata improvements arrived in 2.3?
Hooks now accept a helm.sh/hook-weight annotation, allowing deterministic ordering, and the --reuse-values flag re‑uses prior values on upgrade.
# Hook with weight
metadata:
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "5"
Chart.yaml also gained appVersion (the version of the packaged app) and deprecated (marks a chart as no longer maintained). These fields improve chart discoverability and lifecycle management.
FAQ
Can I disable the plugin system entirely?
Yes, set the environment variable HELM_NO_PLUGINS=1 before running any Helm command.
Do I need to rebuild Tiller after enabling TLS?
No, TLS is configured at runtime via helm init flags; the same Tiller binary works for both secure and insecure modes.
How do I migrate existing charts to use the new required function?
Replace manual checks with {{ required "msg" .Values.foo }}; the function aborts the render with a clear error if the value is missing.
What happens if a child chart defines the same key as the parent when using import-values?
The child’s value overwrites the parent’s corresponding key, following the import order defined in requirements.yaml.
Is the --skip-refresh flag safe for CI pipelines?
It is safe when you control repository updates externally; it prevents unnecessary network calls and speeds up repeated runs.
For more details, see the Helm Quickstart Guide.