There are four steps you should take if you are running Tiller (Helm's server-side component) in a cluster that has untrusted users or pods. These steps are done at installation time, and will substantially improve Helm's security.

The easiest way to install Tiller is with the helm init command. Run just like that, it will install a version of Tiller into the cluster. But the version it installs has permissions equivalent to root (if the cluster does not have RBAC enabled). To configu...