Helm v2.7.2 is a security release and bug release. Users are strongly encouraged
The Helm Core Maintainers discovered a bug in TLS handling. Versions of Tiller
prior to 2.7.1 had a certificate verification policy that allowed self-signed
certificates to pass the server-side certificate verification phase.
This release contains a fix that requires the client certificate to be verified
against Tiller's CA.
Additionally, this release adds documentation for configuring strong gRPC authentication
using TLS. While this feature has been available since 2.3.0, it was not properly
Finally, this release contains several TLS-related fixes to Helm CLI commands, adding TLS
parameters back to the
helm get * verbs, and fixing
helm list --tls.
The community keeps growing, and we'd love to see you there.
- Join the discussion in Kubernetes Slack:
#helm-usersfor questions and just to hang out
#helm-devfor discussing PRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: GitHub/kubernetes/charts
This release places much more stringent requirements on certificate auth. It is
possible that some misconfigured Helm SSL configurations that were working are now
Installation and Upgrading
Download Helm 2.7.2. The common platform binaries are here:
Once you have the client installed, upgrade Tiller with
helm init --upgrade.