Repo Browser: Tiller / Helm You need to enable JavaScript to run this app.
Gruntwork Website
Tiller / Helm Deploy Tiller (Helm Server) to your Kubernetes cluster as a service/package manager. Supports namespaces, service accounts, RBAC roles, and TLS.
Tiller Module
This repo contains a Module for deploying Tiller (the server component of Helm) on Kubernetes clusters with
Terraform . This repo is a part of the Gruntwork Infrastructure as Code
Library , a collection of reusable, battle-tested, production
ready infrastructure code. Read the Gruntwork
Philosophy document to
learn more about how Gruntwork builds production grade infrastructure code.
Quickstart Guide
The general idea is to:
Deploy a Kubernetes cluster. You can use one of the following:
Setup a kubectl
config context that is configured to authenticate to the deployed cluster.
Install the necessary prerequisites tools:
Provision a Namespace
and
ServiceAccount
to house the
Tiller instance.
Deploy Tiller.
You can checkout the k8s-tiller-minikube
example
documentation for
detailed instructions on deploying against minikube
.
What is in this repo
This repo provides a Gruntwork IaC Package and has the following folder structure:
root : The root folder contains an example of how to
deploy Tiller using kubergrunt
, which implements all the logic for
deploying Tiller with all the security best practices.
modules : This folder contains the
main implementation code for this Module, broken down into multiple standalone Submodules.
The primary module is:
k8s-tiller : Deploy
Tiller with all the security features turned on. This includes using Secrets
for storing state and enabling TLS
verification.
The deployed Tiller requires TLS certificate key pairs to operate. Additionally, clients will each need to their
own TLS certificate key pairs to authenticate to the deployed Tiller instance. This is based on kubergrunt model of
deploying helm .
There are also several supporting modules that help with setting up the deployment:
k8s-namespace :
Provision a Kubernetes Namespace
with a default set of RBAC roles.
k8s-namespace-roles :
Provision a default set of RBAC roles to use in a Namespace
.
k8s-service-account :
Provision a Kubernetes ServiceAccount
.
k8s-tiller-tls-certs :
Generate a TLS Certificate Authority (CA) and using that, generate signed TLS certificate key pairs that can be
used for TLS verification of Tiller. The certs are managed on the cluster using Kubernetes Secrets
. NOTE :
This module uses the tls
provider, which means the generated certificate key pairs are stored in plain text in
the Terraform state file. If you are sensitive to secrets in Terraform state, consider using kubergrunt
for TLS
management.
k8s-helm-client-tls-certs :
Generate a signed TLS certificate key pair from a previously generated CA certificate key pair. This TLS key pair
can be used to authenticate a helm client to access a deployed Tiller instance. NOTE : This module uses the
tls
provider, which means the generated certificate key pairs are stored in plain text in the Terraform state
file. If you are sensitive to secrets in Terraform state, consider using kubergrunt
for TLS management.
examples : This folder contains
examples of how to use the Submodules.
test : Automated tests for the Submodules
and examples.
What is Kubernetes?
Kubernetes is an open source container management system for deploying, scaling, and managing
containerized applications. Kubernetes is built by Google based on their internal proprietary container management
systems (Borg and Omega). Kubernetes provides a cloud agnostic platform to deploy your containerized applications with
built in support for common operational tasks such as replication, autoscaling, self-healing, and rolling deployments.
You can learn more about Kubernetes from the official documentation .
What is Helm?
Helm is a package and module manager for Kubernetes that allows you to define, install, and manage
Kubernetes applications as reusable packages called Charts. Helm provides support for official charts in their
repository that contains various applications such as Jenkins, MySQL, and Consul to name a few. Gruntwork uses Helm
under the hood for the Kubernetes modules in this package.
For a background on Helm and its security model, check out our Helm Guide
document .
What's a Module?
A Module is a canonical, reusable, best-practices definition for how to run a single piece of infrastructure, such
as a database or server cluster. Each Module is written using a combination of Terraform
and scripts (mostly bash) and include automated tests, documentation, and examples. It is maintained both by the open
source community and companies that provide commercial support.
Instead of figuring out the details of how to run a piece of infrastructure from scratch, you can reuse
existing code that has been proven in production. And instead of maintaining all that infrastructure code yourself,
you can leverage the work of the Module community to pick up infrastructure improvements through
a version number bump.
Who maintains this Module?
This Module and its Submodules are maintained by Gruntwork . If you are looking for help or
commercial support, send an email to
support@gruntwork.io .
Gruntwork can help with:
Setup, customization, and support for this Module.
Modules and submodules for other types of infrastructure in major cloud providers, such as VPCs, Docker clusters,
databases, and continuous integration.
Modules and Submodules that meet compliance requirements, such as HIPAA.
Consulting & Training on AWS, GCP, Terraform, and DevOps.
How do I contribute to this Module?
Contributions are very welcome! Check out the Contribution
Guidelines for instructions.
How is this Module versioned?
This Module follows the principles of Semantic Versioning . You can find each new release, along
with the changelog, in the Releases Page .
During initial development, the major version will be 0 (e.g., 0.x.y
), which indicates the code does not yet have a
stable API. Once we hit 1.0.0
, we will make every effort to maintain a backwards compatible API and use the MAJOR,
MINOR, and PATCH versions on each release to indicate any incompatibilities.
License
Please see LICENSE for how the code in
this repo is licensed.
Copyright © 2019 Gruntwork, Inc.
Questions? Ask away. We're here to talk about our services, answer any questions, give advice, or just to chat.
Ready to hand off the Gruntwork? "https://cdn.gruntwork.io/gruntwork-website/"
{"index":{"js":"https://cdn.gruntwork.io/gruntwork-website/index.bundle.c7884255553b53fbca3a.js","map":"https://cdn.gruntwork.io/gruntwork-website/index.bundle.1b14c1b7d19f1f5eb35d6e118e838255.map"},"styles":{"css":"https://cdn.gruntwork.io/gruntwork-website/styles.bundle.f22938926651ddec7c49.css","js":"https://cdn.gruntwork.io/gruntwork-website/styles.bundle.e782420e74a20dcb8691.js","map":"https://cdn.gruntwork.io/gruntwork-website/styles.bundle.d5e2af49807c6ca33f8367d621ece507.map"},"vendors":{"css":"https://cdn.gruntwork.io/gruntwork-website/vendors.bundle.29f7d0366a0978763f96.css","js":"https://cdn.gruntwork.io/gruntwork-website/vendors.bundle.fa8174a130797d75d12c.js","map":"https://cdn.gruntwork.io/gruntwork-website/vendors.bundle.57243d94deeeb29d5061288a338b4eb6.map"}}
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"cef3f13f1128f203609bd70491c5789049d97396"}]},{"name":".gitignore","path":".gitignore","sha":"ca31ff35c5b25c686571a0430a14f86a38f15e77"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"2dd1a8d4e16b65a1991537d51b5b59b6df1866f8"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"89db2c0afb6268a0fa92d8e841018cef4bc653cb"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","sha":"b12849077d576a7fad88da42db1131bb3369e194"},{"name":"GRUNTWORK_PHILOSOPHY.md","path":"GRUNTWORK_PHILOSOPHY.md","sha":"02d9873a74c99fe6d9b6b26bd9f8eb4a7a699c32"},{"name":"LICENSE","path":"LICENSE","sha":"276620ad6ffbc9954fd6633d167b0501155441d4"},{"name":"README.md","path":"README.md","sha":"444e80d608763aabb990f37a8badbe3bdf24b872","toggled":true},{"name":"examples","children":[{"name":"k8s-namespace-with-service-account","children":[{"name":"README.md","path":"examples/k8s-namespace-with-service-account/README.md","sha":"cdff492defdaa77f736adc1c1ce9c1db1b3a9e1e"},{"name":"main.tf","path":"examples/k8s-namespace-with-service-account/main.tf","sha":"071b39770653ee2d6d12c80119bb290fff5c35d8"},{"name":"outputs.tf","path":"examples/k8s-namespace-with-service-account/outputs.tf","sha":"71e367b5fa5fc4d940c68b1689d340ab6fa2e17c"},{"name":"variables.tf","path":"examples/k8s-namespace-with-service-account/variables.tf","sha":"f38169a042290747cd6cda6375d99af81b1df97e"}]},{"name":"k8s-tiller-kubergrunt-minikube","children":[{"name":"README.md","path":"examples/k8s-tiller-kubergrunt-minikube/README.md","sha":"f4ee8247319417b5d433017005af1284c2feda71"},{"name":"main.tf","path":"examples/k8s-tiller-kubergrunt-minikube/main.tf","sha":"a2d71286a91c7cf02371ff10336ad6c8c65c5a99"},{"name":"outputs.tf","path":"examples/k8s-tiller-kubergrunt-minikube/outputs.tf","sha":"f839014a1879cfef47954641a01edf7820ac3bdc"},{"name":"variables.tf","path":"examples/k8s-tiller-kubergrunt-minikube/variables.tf","sha":"3da8530a497b5102a1bd8d88c473e15794e7f9d5"}]},{"name":"k8s-tiller-minikube","children":[{"name":"README.md","path":"examples/k8s-tiller-minikube/README.md","sha":"d579c9f2952bb63704def4d2c799a267e2ca3b2a"}]}]},{"name":"main.tf","path":"main.tf","sha":"506f789e6c7b0a9c767a683a4bc101498daef4d2"},{"name":"modules","children":[{"name":"k8s-helm-client-tls-certs","children":[{"name":"README.md","path":"modules/k8s-helm-client-tls-certs/README.md","sha":"4806c8188e5da43941b60b091133ad58f2537532"},{"name":"main.tf","path":"modules/k8s-helm-client-tls-certs/main.tf","sha":"f9727619e0606e5710d81934c541d94d528ee633"},{"name":"outputs.tf","path":"modules/k8s-helm-client-tls-certs/outputs.tf","sha":"59994511786075fe1a930e3ec6b46dd6134fff29"},{"name":"variables.tf","path":"modules/k8s-helm-client-tls-certs/variables.tf","sha":"445e4da760004173140af1176fa80b0cc8722a81"}]},{"name":"k8s-namespace-roles","children":[{"name":"README.md","path":"modules/k8s-namespace-roles/README.md","sha":"9aaca3f9e32408e23c02622d33942e0ce4586e34"},{"name":"main.tf","path":"modules/k8s-namespace-roles/main.tf","sha":"f82819379a8864bd6b9e71a8a18d815dbbc02559"},{"name":"outputs.tf","path":"modules/k8s-namespace-roles/outputs.tf","sha":"ab91d72a436cc5e450795182b4b43b78be207293"},{"name":"variables.tf","path":"modules/k8s-namespace-roles/variables.tf","sha":"0e5be83826073b0f786ff8f9b04826c555208758"}]},{"name":"k8s-namespace","children":[{"name":"README.md","path":"modules/k8s-namespace/README.md","sha":"4fa9469fbbd22faae11ac3f461487b2bfbe167e6"},{"name":"main.tf","path":"modules/k8s-namespace/main.tf","sha":"eba9f2b3dbc0191d2d4bfe2931caac9b58122541"},{"name":"outputs.tf","path":"modules/k8s-namespace/outputs.tf","sha":"d8e2f96f44b67f9d0d59431c789b39609a745996"},{"name":"variables.tf","path":"modules/k8s-namespace/variables.tf","sha":"572a62e2ca963233931c527bab99fd9f0a3a048b"}]},{"name":"k8s-service-account","children":[{"name":"README.md","path":"modules/k8s-service-account/README.md","sha":"a53dfad1ff1d991dfed08fb5da77f9c15e3b6d50"},{"name":"main.tf","path":"modules/k8s-service-account/main.tf","sha":"3c5efa6c04722d679f1707ab49c118d39ef6a806"},{"name":"outputs.tf","path":"modules/k8s-service-account/outputs.tf","sha":"c5c2389e4646bb2a16b87bec129330e0c3c4dcf6"},{"name":"variables.tf","path":"modules/k8s-service-account/variables.tf","sha":"4f0cfad5f8a5869ff201fad385ecaa0de7454674"}]},{"name":"k8s-tiller-tls-certs","children":[{"name":"README.md","path":"modules/k8s-tiller-tls-certs/README.md","sha":"bf4e7de237e87459f8f617b6fa60f0ed1d94cd86"},{"name":"main.tf","path":"modules/k8s-tiller-tls-certs/main.tf","sha":"69d3adb8717f12381f0683c0ab37581975b5a8dc"},{"name":"outputs.tf","path":"modules/k8s-tiller-tls-certs/outputs.tf","sha":"1a4038f3a59478a9f2d4b76eef51817dd4200dc7"},{"name":"variables.tf","path":"modules/k8s-tiller-tls-certs/variables.tf","sha":"259ebea616195628a68b8eb8a1da83465cd0c782"}]},{"name":"k8s-tiller","children":[{"name":"README.md","path":"modules/k8s-tiller/README.md","sha":"7dec15a673134ebc488a070dc614d04c2bf538d3"},{"name":"main.tf","path":"modules/k8s-tiller/main.tf","sha":"c278eeebee9bc47d059f59a22916e5cc6dac1335"},{"name":"outputs.tf","path":"modules/k8s-tiller/outputs.tf","sha":"e23f872780e656e4f12578d439eb910692f59a60"},{"name":"variables.tf","path":"modules/k8s-tiller/variables.tf","sha":"5d03e38bfec082950d20c0f48865d7c5107f259f"}]}]},{"name":"outputs.tf","path":"outputs.tf","sha":"e81c16d641a0e30b706292ad37ce8b8ef343becb"},{"name":"test","children":[{"name":"Gopkg.lock","path":"test/Gopkg.lock","sha":"cdae09784de4638a1b0eea0525c3be70cebcf2d7"},{"name":"Gopkg.toml","path":"test/Gopkg.toml","sha":"a8644e81d7acf83db32419833ca1ca318d2559c1"},{"name":"README.md","path":"test/README.md","sha":"c4361f3756f62c10366b7302401e8a53552061bb"},{"name":"k8s_namespace_with_service_account_test.go","path":"test/k8s_namespace_with_service_account_test.go","sha":"8fac6e063e5c03371b681cdd48a98a8d27137712"},{"name":"k8s_tiller_kubergrunt_test.go","path":"test/k8s_tiller_kubergrunt_test.go","sha":"67f31a218feaa2840cdad23308b577f442bd3f4d"},{"name":"k8s_tiller_test.go","path":"test/k8s_tiller_test.go","sha":"7501db1bfc755b2709c688a5bbd1867b4238b44a"},{"name":"kubefixtures","children":[{"name":"curl-kubeapi-as-service-account.yml.tpl","path":"test/kubefixtures/curl-kubeapi-as-service-account.yml.tpl","sha":"12fa119c7e183bb8d35cda86322c92e6a36a5307"},{"name":"namespace-check-create-pod.json.tpl","path":"test/kubefixtures/namespace-check-create-pod.json.tpl","sha":"ba88dfa440d815c221febd455550dd6fdbe7cbac"},{"name":"namespace-check-list-pod.json.tpl","path":"test/kubefixtures/namespace-check-list-pod.json.tpl","sha":"047bb650ac081c5f63d9491cde3ca80b92603489"}]},{"name":"terratest_options.go","path":"test/terratest_options.go","sha":"675f98b4c34be584c9f7eea240f290949f08f460"}]},{"name":"variables.tf","path":"variables.tf","sha":"7efc75a2f7d990de3cdf52c7589e9468da6f4133"}]},"detailsContent":"<p><a href=\"https://gruntwork.io/?ref=repo_terraform_kubernetes_helm\" class=\"preview__body--description--blue\" target=\"_blank\"><img src=\"https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg\" alt=\"Maintained by Gruntwork.io\" class=\"preview__body--diagram\"></a>\n<a href=\"#open_modal\" class=\"preview__body--description--blue\"><img src=\"https://img.shields.io/github/tag/gruntwork-io/terraform-kubernetes-helm.svg?label=latest\" alt=\"GitHub tag (latest SemVer)\" class=\"preview__body--diagram\"></a>\n<img src=\"https://img.shields.io/badge/tf-%3E%3D0.12.0-blue.svg\" alt=\"Terraform Version\" class=\"preview__body--diagram\"></p>\n<h1 class=\"preview__body--title\" id=\"tiller-module\">Tiller Module</h1><div class=\"preview__body--border\"></div><p></p>\n<p>This repo contains a Module for deploying Tiller (the server component of Helm) on Kubernetes clusters with\n<a href=\"https://www.terraform.io\" class=\"preview__body--description--blue\" target=\"_blank\">Terraform</a>. This repo is a part of <a href=\"https://gruntwork.io/infrastructure-as-code-library/\" class=\"preview__body--description--blue\" target=\"_blank\">the Gruntwork Infrastructure as Code\nLibrary</a>, a collection of reusable, battle-tested, production\nready infrastructure code. Read the <a href=\"/repos/v0.6.1/terraform-kubernetes-helm/GRUNTWORK_PHILOSOPHY.md\" class=\"preview__body--description--blue\">Gruntwork\nPhilosophy</a> document to\nlearn more about how Gruntwork builds production grade infrastructure code.</p>\n<h2 class=\"preview__body--subtitle\" id=\"quickstart-guide\">Quickstart Guide</h2>\n<p>The general idea is to:</p>\n<ol>\n<li>Deploy a Kubernetes cluster. You can use one of the following:\n<ul>\n<li><a href=\"https://kubernetes.io/docs/tasks/tools/install-minikube/\" class=\"preview__body--description--blue\" target=\"_blank\">minikube</a></li>\n<li><a href=\"/repos/terraform-google-gke\" class=\"preview__body--description--blue\">Our GKE module</a></li>\n<li><a href=\"/repos/terraform-aws-eks\" class=\"preview__body--description--blue\">Our EKS module</a></li>\n</ul>\n</li>\n<li>Setup a <code>kubectl</code> config context that is configured to authenticate to the deployed cluster.</li>\n<li>Install the necessary prerequisites tools:\n<ul>\n<li><a href=\"https://docs.helm.sh/using_helm/#install-helm\" class=\"preview__body--description--blue\" target=\"_blank\"><code>helm</code> client</a></li>\n<li>(Optional) <a href=\"/repos/kubergrunt#installation\" class=\"preview__body--description--blue\"><code>kubergrunt</code></a></li>\n</ul>\n</li>\n<li>Provision a <a href=\"https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/\" class=\"preview__body--description--blue\" target=\"_blank\"><code>Namespace</code></a> and\n<a href=\"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\" class=\"preview__body--description--blue\" target=\"_blank\"><code>ServiceAccount</code></a> to house the\nTiller instance.</li>\n<li>Deploy Tiller.</li>\n</ol>\n<p>You can checkout the <a href=\"/repos/v0.6.1/terraform-kubernetes-helm/examples/k8s-tiller-minikube\" class=\"preview__body--description--blue\"><code>k8s-tiller-minikube</code> example\ndocumentation</a> for\ndetailed instructions on deploying against <code>minikube</code>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"what-is-in-this-repo\">What is in this repo</h2>\n<p>This repo provides a Gruntwork IaC Package and has the following folder structure:</p>\n<ul>\n<li>\n<p><a href=\"/repos/v0.6.1/terraform-kubernetes-helm\" class=\"preview__body--description--blue\">root</a>: The root folder contains an example of how to\ndeploy Tiller using <a href=\"/repos/kubergrunt\" class=\"preview__body--description--blue\"><code>kubergrunt</code></a>, which implements all the logic for\ndeploying Tiller with all the security best practices.</p>\n</li>\n<li>\n<p><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules\" class=\"preview__body--description--blue\">modules</a>: This folder contains the\nmain implementation code for this Module, broken down into multiple standalone Submodules.</p>\n<p>The primary module is:</p>\n<ul>\n<li><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules/k8s-tiller\" class=\"preview__body--description--blue\">k8s-tiller</a>: Deploy\nTiller with all the security features turned on. This includes using <code>Secrets</code> for storing state and enabling TLS\nverification.</li>\n</ul>\n<p>The deployed Tiller requires TLS certificate key pairs to operate. Additionally, clients will each need to their\nown TLS certificate key pairs to authenticate to the deployed Tiller instance. This is based on <a href=\"/repos/kubergrunt/HELM_GUIDE.md\" class=\"preview__body--description--blue\">kubergrunt model of\ndeploying helm</a>.</p>\n<p>There are also several supporting modules that help with setting up the deployment:</p>\n<ul>\n<li><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules/k8s-namespace\" class=\"preview__body--description--blue\">k8s-namespace</a>:\nProvision a Kubernetes <code>Namespace</code> with a default set of RBAC roles.</li>\n<li><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules/k8s-namespace-roles\" class=\"preview__body--description--blue\">k8s-namespace-roles</a>:\nProvision a default set of RBAC roles to use in a <code>Namespace</code>.</li>\n<li><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules/k8s-service-account\" class=\"preview__body--description--blue\">k8s-service-account</a>:\nProvision a Kubernetes <code>ServiceAccount</code>.</li>\n<li><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules/k8s-tiller-tls-certs\" class=\"preview__body--description--blue\">k8s-tiller-tls-certs</a>:\nGenerate a TLS Certificate Authority (CA) and using that, generate signed TLS certificate key pairs that can be\nused for TLS verification of Tiller. The certs are managed on the cluster using Kubernetes <code>Secrets</code>. <strong>NOTE</strong>:\nThis module uses the <code>tls</code> provider, which means the generated certificate key pairs are stored in plain text in\nthe Terraform state file. If you are sensitive to secrets in Terraform state, consider using <code>kubergrunt</code> for TLS\nmanagement.</li>\n<li><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/modules/k8s-helm-client-tls-certs\" class=\"preview__body--description--blue\">k8s-helm-client-tls-certs</a>:\nGenerate a signed TLS certificate key pair from a previously generated CA certificate key pair. This TLS key pair\ncan be used to authenticate a helm client to access a deployed Tiller instance. <strong>NOTE</strong>: This module uses the\n<code>tls</code> provider, which means the generated certificate key pairs are stored in plain text in the Terraform state\nfile. If you are sensitive to secrets in Terraform state, consider using <code>kubergrunt</code> for TLS management.</li>\n</ul>\n</li>\n<li>\n<p><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/examples\" class=\"preview__body--description--blue\">examples</a>: This folder contains\nexamples of how to use the Submodules.</p>\n</li>\n<li>\n<p><a href=\"/repos/v0.6.1/terraform-kubernetes-helm/test\" class=\"preview__body--description--blue\">test</a>: Automated tests for the Submodules\nand examples.</p>\n</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"what-is-kubernetes\">What is Kubernetes?</h2>\n<p><a href=\"https://kubernetes.io\" class=\"preview__body--description--blue\" target=\"_blank\">Kubernetes</a> is an open source container management system for deploying, scaling, and managing\ncontainerized applications. Kubernetes is built by Google based on their internal proprietary container management\nsystems (Borg and Omega). Kubernetes provides a cloud agnostic platform to deploy your containerized applications with\nbuilt in support for common operational tasks such as replication, autoscaling, self-healing, and rolling deployments.</p>\n<p>You can learn more about Kubernetes from <a href=\"https://kubernetes.io/docs/tutorials/kubernetes-basics/\" class=\"preview__body--description--blue\" target=\"_blank\">the official documentation</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"what-is-helm\">What is Helm?</h2>\n<p><a href=\"https://helm.sh/\" class=\"preview__body--description--blue\" target=\"_blank\">Helm</a> is a package and module manager for Kubernetes that allows you to define, install, and manage\nKubernetes applications as reusable packages called Charts. Helm provides support for official charts in their\nrepository that contains various applications such as Jenkins, MySQL, and Consul to name a few. Gruntwork uses Helm\nunder the hood for the Kubernetes modules in this package.</p>\n<p>For a background on Helm and its security model, check out <a href=\"/repos/kubergrunt/HELM_GUIDE.md\" class=\"preview__body--description--blue\">our Helm Guide\ndocument</a>.</p>\n<p></p>\n<h2 class=\"preview__body--subtitle\" id=\"whats-a-module\">What's a Module?</h2>\n<p>A Module is a canonical, reusable, best-practices definition for how to run a single piece of infrastructure, such\nas a database or server cluster. Each Module is written using a combination of <a href=\"https://www.terraform.io/\" class=\"preview__body--description--blue\" target=\"_blank\">Terraform</a>\nand scripts (mostly bash) and include automated tests, documentation, and examples. It is maintained both by the open\nsource community and companies that provide commercial support.</p>\n<p>Instead of figuring out the details of how to run a piece of infrastructure from scratch, you can reuse\nexisting code that has been proven in production. And instead of maintaining all that infrastructure code yourself,\nyou can leverage the work of the Module community to pick up infrastructure improvements through\na version number bump.</p>\n<h2 class=\"preview__body--subtitle\" id=\"who-maintains-this-module\">Who maintains this Module?</h2>\n<p>This Module and its Submodules are maintained by <a href=\"http://www.gruntwork.io/\" class=\"preview__body--description--blue\" target=\"_blank\">Gruntwork</a>. If you are looking for help or\ncommercial support, send an email to\n<a href=\"mailto:support@gruntwork.io?Subject=Tiller%20Module\" class=\"preview__body--description--blue\" target=\"_blank\">support@gruntwork.io</a>.</p>\n<p>Gruntwork can help with:</p>\n<ul>\n<li>Setup, customization, and support for this Module.</li>\n<li>Modules and submodules for other types of infrastructure in major cloud providers, such as VPCs, Docker clusters,\ndatabases, and continuous integration.</li>\n<li>Modules and Submodules that meet compliance requirements, such as HIPAA.</li>\n<li>Consulting & Training on AWS, GCP, Terraform, and DevOps.</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-contribute-to-this-module\">How do I contribute to this Module?</h2>\n<p>Contributions are very welcome! Check out the <a href=\"/repos/v0.6.1/terraform-kubernetes-helm/CONTRIBUTING.md\" class=\"preview__body--description--blue\">Contribution\nGuidelines</a> for instructions.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-is-this-module-versioned\">How is this Module versioned?</h2>\n<p>This Module follows the principles of <a href=\"http://semver.org/\" class=\"preview__body--description--blue\" target=\"_blank\">Semantic Versioning</a>. You can find each new release, along\nwith the changelog, in the <a href=\"#open_modal\" class=\"preview__body--description--blue\">Releases Page</a>.</p>\n<p>During initial development, the major version will be 0 (e.g., <code>0.x.y</code>), which indicates the code does not yet have a\nstable API. Once we hit <code>1.0.0</code>, we will make every effort to maintain a backwards compatible API and use the MAJOR,\nMINOR, and PATCH versions on each release to indicate any incompatibilities.</p>\n<h2 class=\"preview__body--subtitle\" id=\"license\">License</h2>\n<p>Please see <a href=\"/repos/v0.6.1/terraform-kubernetes-helm/LICENSE\" class=\"preview__body--description--blue\">LICENSE</a> for how the code in\nthis repo is licensed.</p>\n<p>Copyright © 2019 Gruntwork, Inc.</p>\n","repoName":"terraform-kubernetes-helm","repoRef":"v0.6.1","serviceDescriptor":{"serviceName":"Tiller / Helm","serviceRepoName":"terraform-kubernetes-helm","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"Deploy Tiller (Helm Server) to your Kubernetes cluster as a service/package manager. Supports namespaces, service accounts, RBAC roles, and TLS.","imageUrl":"kubernetes.png","licenseType":"subscriber","technologies":["Terraform","Bash","Helm"],"compliance":[],"tags":[""]},"serviceCategoryName":"Docker services","fileName":"README.md","filePath":"","title":"Repo Browser: Tiller / Helm","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}