Suggestion to remove tiller pods on k8s clusters (+Helm3 discussion)

It seems like Helm3 is just about out, and one of the major changes is removing Tiller (in order to simplify things and improve security)
https://helm.sh/blog/helm-v3-beta/

It’s probably impossible to guarantee security of deployments in the documentation given the rate of change of kubernetes versions and discrepancies between various tools to deploy clusters on various cloud providers. But, removing tiller pods seems like an easy to implement change for the better. For starters, it would remedy overly broad permissions as described here:

There are some good links to examples in the above issue, but the main ones I’d like to point out are this blog post:
https://rimusz.net/tillerless-helm

And the helm2 to 3 migration guide:
https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/

What do people think about this? Has anyone already been using Helm3 to administer a jupyterhub?

1 Like