Helm 3 is out, goodbye Tiller and why it is important
Helm is the package manager for Kubernetes. While Helm version 2 was the most used package manager, that might soon change with the release of Helm 3.
What is Helm?
If you stumbled here by chance here’s an article to know what Helm is.
Helm 3 is now Tiller-free, what does it mean?
Tiller is the server-side component used in Helm 2 which communicates with Kubernetes. In order to use Helm 2 you have to install Tiller in each Kubernetes cluster or in each namespace of each cluster. This allowed Helm to control releases and provide advanced features such as upgrades and rollbacks. The removal of Tiller has drastically increased Helm security because:
- Tiller was installed in an insecure way by default
- securing Tiller was a cumbersome task and needed its own certificates (not leveraging Kubernetes infrastructure)
- its removal reduced the attack surface
The new Helm delegates security to Kubernetes RBAC and only uses a client-side binary.
While dependencies are already handled through manifests, the new version of Helm supports “Library Charts”. Library charts are essentially the same as normal charts but are intended for use by other charts and do not produce artifacts by themselves. Imagine having a WordPress chart leveraging a Mysql library chart.
Helm 2 to Helm 3, migration path and end of support
According to this article Helm 2 will be supported for twelve months after Helm 3 release (ending Nov 2020), while six months after the release Helm 2 won’t accept bugfixes except security ones. For the times being
While you may want to wait for version 3.1 or later, you can already migrate to Helm 3 today. You can consult the faq and v2 to v3 migration. For the brave souls there is a migration plugin that enables automatic migration (with a risk).