Helm maintainers push Tiller overboard en route to 3.0.0

Helm maintainers push Tiller overboard en route to 3.0.0
US Navy photo by katz via Shutterstock

The Helm project’s maintainers have steered the Kubernetes package manager to its first stable v3.0 release – junking the Tiller feature along the way.

Tiller was introduced in Helm 2.0 as an in cluster component, enabling multiple operators to interact with the same set of releases. But, according to a post detailing the changes in Helm 3.0.0, “With role-based access controls (RBAC) enabled by default in Kubernetes 1.6, locking down Tiller for use in a production scenario became more difficult to manage.“

In the face of a “vast number of possible security policies”, the Helm team had intended to maintain a “permissive default configuration” but in the end, decided it was possible to be a little too permissive.

“After hearing how community members were using Helm in certain scenarios, we found that Tiller’s release management system did not need to rely upon an in-cluster operator to maintain state or act as a central hub for Helm release information,” they wrote. “Instead, we could simply fetch information from the Kubernetes API server, render the Charts client-side, and store a record of the installation in Kubernetes.”

Junking Tiller means a “radically simplified” security model for Helm, the team said, by supporting the security, identity and authorisation features of Kubernetes.

The helm serve feature, which ran a local Chart Repository for development purposes, has also been junked, as it didn’t receive much uptake. It will continue to exist as a plugin.

Other changes include refactoring the Helm Go SDK for “general use” with the aim of sharing and reusing “code we’ve open sourced with the broader Go community.”

The latest version also promises an improved upgrade strategy, using 3-way strategic merge patches. The previous 2-way approach meant changes could not be rolled back in some situations. “In Helm 3, we now use a three-way strategic merge patch. Helm considers the old manifest, its live state, and the new manifest when generating a patch,” the maintainers write. One experimental feature in 3.0.0 is the ability to push charts to OCI registries. 

The team also flagged up some key future aims for the next phase of Helm, which they said will focus on “stability and enhancements”. These will include enhanced functionality for helm test, and its Go client libraries, as well as improvements to Helm’s OCI integration.

It’s been a busy time for Helm. It recently underwent a security audit mandated as part of its CNCF incubator status, passing with flying colours, and late last month, released Helm 2.15.0.