Ensure Tiller (Helm V2) is not deployed
Error: Tiller (Helm V2) is deployed
Bridgecrew Policy ID: BC_K8S_32
Checkov Check ID: CKV_K8S_34
Tiller (Helm V2) is deployed
Tiller (Helm v2) is the in-cluster component of Helm. It interacts directly with the Kubernetes API server to install, upgrade, query, and remove Kubernetes resources. It also stores the objects that represent releases. Its permissive configuration could grant the users a broad range of permissions.
New versions of Kubernetes and Helm v3 have made Tiller obsolete, with its over permissive function in existing workloads remaining a security liability.
Consider upgrading to use Helm v3, which only runs on client machines. Not all charts may support Helm 3, but the number that do is growing rapidly.
Fix - Runtime
helm reset --force to force the removal if charts are installed. You still need to remove the releases manually.
Fix - Buildtime
- Resource: Container
labels:app / name - specifies the app label for the pod
image - defines the image used by the container
apiVersion: v1 kind: Pod metadata: name: <name> labels: - app: helm - name: tiller spec: containers: - name: <container name> - image: tiller
Updated 6 months ago