k8s-tiller-present¶

Ensure that Tiller (Helm v2) is not deployed

It is highly recommended NOT to deploy the Tiller (Helm v2) agent. This component communicates with the Kubernetes API server to manage resources.

With Helm v3, Tiller is deprecated and continuing to use it is considered a security risk.

Examples¶

Insecure Example

This is based on this manifest.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: helm
    name: tiller
  name: tiller
  namespace: tiller
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: helm
        name: tiller
    spec:
      containers:
        image: gcr.io/kubernetes-helm/tiller:v2.14.3
        name: tiller
        ...

Secure Example

Switch to using Helm v3, without Tiller

More information¶

Helm v3 Docs