I think we are going to start seeing quite a lot more 'k8s is insecure' posts in the future (not that we haven't seen quite a bit this past year alone).
Setting up Helm seems to be part of a lot of "first steps" tutorial, and it makes a lot of sense, Helm is very helpful especially when starting out with K8S – I'm still in the starting-out phase and I find it very helpful. But for me, and possibly that audience in general, this document doesn't feel very actionable, it assumes quite a bit of in-depth knowledge, that I currently don't have yet. I realize that's part of the learning curve, but for a tool that's so popular and so easy to set up and run, it feels like it should be easier to find more newbie-friendly material on how to secure it properly (I haven't been able to find much). Things being as they are, I'd expect there to be a lot of insecure tiller installs on GKEs out there.
12 comments
[ 5.9 ms ] story [ 36.6 ms ] threadhttps://docs.aws.amazon.com/eks/latest/userguide/helm.html
The issue is the server side tiller component. This is going away in Helm 3.
Think you've hit the nail on the head there, it's a fair criticism.