k8s-tiller-present¶
Ensure that Tiller (Helm v2) is not deployed
It is highly recommended NOT to deploy the Tiller (Helm v2) agent. This component communicates with the Kubernetes API server to manage resources.
With Helm v3, Tiller is deprecated and continuing to use it is considered a security risk.
Examples¶
Insecure Example
This is based on this manifest.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: helm
name: tiller
name: tiller
namespace: tiller
spec:
replicas: 1
template:
metadata:
labels:
app: helm
name: tiller
spec:
containers:
image: gcr.io/kubernetes-helm/tiller:v2.14.3
name: tiller
...
Secure Example
Switch to using Helm v3, without Tiller