Solutions
Audit & Optimization Platform Design Automation Team Structure
Documentation Blog
Get Started
Developer Tools 2016

Helm v2 Release: The Birth of Kubernetes Package Management

K8s Guru
2 min read
#helm #kubernetes #charts #tiller #packaging #devops
Helm v2 Release: The Birth of Kubernetes Package Management

Table of Contents

Introduction

Helm v2 arrives with a clear promise: make packaging and managing Kubernetes applications as simple as apt or yum, but for clusters. With Charts as reusable application bundles and a new component called Tiller running inside the cluster, teams can share, install, and upgrade apps consistently.

Why It Matters in 2016

Kubernetes adoption is accelerating, but day‑2 operations—upgrades, rollbacks, and consistent parameterization—are still painful. Helm v2 standardizes structure with Chart.yaml, templates, and values, enabling repeatable deployments across environments without shell scripts and hand‑crafted manifests.

Notable Pieces

  • Charts & Repos: Shareable packages with versioned dependencies (requirements.yaml).
  • Tiller (in‑cluster): Handles releases, upgrades, and rollbacks for you.
  • Templating: Values files let you adapt the same chart for dev/stage/prod.
  • Releases: Installation history stored so you can roll back when needed.

Early Workflow

  1. helm init to set up client and Tiller.
  2. helm create myapp to scaffold a chart.
  3. helm install stable/nginx to get something running fast.
  4. helm upgrade --install to keep environments aligned.

Limitations to Watch

  • Tiller’s cluster‑side permissions model will require careful RBAC thinking.
  • Chart quality will vary across community repositories—curation is key.

Security Considerations

  • By default, helm init creates a Tiller service account with cluster-admin power; harden it using --service-account tied to a restricted RBAC role.
  • Lock down the gRPC port exposed by Tiller (44134) with a NetworkPolicy or run it with --listen=localhost and a sidecar proxy.
  • Enable TLS between Helm and Tiller to prevent anyone on the network from issuing release commands.

Looking Ahead

  • The community is already sketching Helm 3 plans to remove Tiller and rely on client-side state plus Kubernetes Secrets.
  • Expect an official charts repository revamp and signing/verification discussions through 2017.

Conclusion

In late 2016 Helm feels like the missing package manager for Kubernetes. Expect a rapid growth of community charts and a simpler story for application lifecycles.