Reconsider use of Helm Tiller

Helm 2 is looking less and less like a good tool to continue to build on top of.

• OpenShift has no plans to support.
• Some cloud vendors do not support it
• Customers are pushing back on Helm
• The Tiller security model has issues, likely driving all of the above

Helm 3 no longer uses Tiller, however there is no published ETA. All we have is a proposed design. We may not be able to wait until Helm 3 arrives.

Proposed solution

There does not seem to be an alternate tool that does not have its own drawbacks. It would also be nice to retain the ease of helm install where able. We can however still use Helm as a templating engine, without the baggage of tiller.

• Ban the use of all tiller-specific features like hooks.
• Use Helm in client-only mode, to act as a simple templating engine

Instead of helm install x/y it becomes helm template x/y > x-y.yaml && kubectl apply -f x-y.yaml.

We are already going down this route with the new cloud native GitLab chart, to address the concerns above.