Helm and its security options
If you are a Helm user, you perhaps stumbled upon an excellent “Securing Helm installation” write-up in the official repository. If you were not aware of this document, take time to read it, that’s a good starting point.
To summarize, there are four main points to consider when securing your installation:
- Role-based access control, or RBAC.
- Tiller’s gRPC endpoint and its usage by Helm.
- Tiller Release Information.
- Helm charts.
Tiller Release Information is something that I want to talk about further.
What is the problem with Tiller releases?
Historically, for each “release,” which is basically any configuration or version update of an application, Tiller creates a ConfigMap containing all operational data.