Not OP but I've lived through this too and my conclusion from that is that if you're doing tofu/terraform you're better off not introducing helm at all. Just tf the k8s.
Yes, this is what we do for example for the tailscale operator - but it's tedious to convert yaml to tf - and more importantly: error prone to correctly adapt upstream changes to update deployments as upstream refine their helm/k8s yaml files.
Terraform/OpenTofu is good for infrastructure but it becomes a pain if you use it for k8s deployments. I suggest using GitOps (ArgoCD / flux) for everything inside the cluster and OpenTofu for the cluster itself.
Downside with that is having DNS, managed databases, cloud storage (s3) outside K8s - When deployments are also managed with tf, it's easy to connect a deployment in K8s to resources outside K8s (via tf state).
