Helm 2 vs Helm 3: Key Differences and When to Use Each
Helm 2 and Helm 3 is that Helm 3 removes the need for Tiller, improving security by running client-side only. Helm 3 also supports Kubernetes CRDs better and has a simplified release management system.Quick Comparison
Here is a quick side-by-side comparison of key features between Helm 2 and Helm 3.
| Feature | Helm 2 | Helm 3 |
|---|---|---|
| Architecture | Client + Server (Tiller) in cluster | Client only, no Tiller |
| Security | Tiller has cluster-wide permissions | No Tiller, uses kubeconfig permissions |
| CRD Support | Limited, manual management needed | Native support with hooks |
| Release Storage | Stored in ConfigMaps/Secrets via Tiller | Stored directly in Secrets by client |
| Kubernetes Compatibility | Supports up to Kubernetes 1.14 | Supports Kubernetes 1.14 and newer |
| Chart Repository | Basic support | Improved OCI support for charts |
Key Differences
Helm 2 uses a server-side component called Tiller that runs inside the Kubernetes cluster. Tiller manages releases and has broad permissions, which raised security concerns because it could modify any resource in the cluster. Helm 3 removes Tiller entirely, running all operations client-side using the user's Kubernetes credentials, making it safer and simpler.
Another major difference is how Helm 3 handles Custom Resource Definitions (CRDs). Helm 2 required manual CRD management, which was error-prone. Helm 3 introduces native CRD support with lifecycle hooks, allowing CRDs to be installed and upgraded smoothly as part of charts.
Release storage also changed: Helm 2 stored release data via Tiller in ConfigMaps or Secrets, while Helm 3 stores release information directly in Secrets managed by the client. This change improves reliability and aligns with Kubernetes best practices. Additionally, Helm 3 supports newer Kubernetes versions and adds OCI-compliant chart repository support for better chart distribution.
Code Comparison
Installing a chart with Helm 2 requires initializing Tiller first and then running the install command.
helm init helm install stable/nginx --name my-nginx
Helm 3 Equivalent
In Helm 3, there is no need to initialize Tiller. You can install the same chart directly with a simpler command.
helm install my-nginx stable/nginx
When to Use Which
Choose Helm 3 for new projects because it is more secure, simpler to use, and supports modern Kubernetes features like CRDs and OCI charts. It avoids the security risks of Tiller and works well with current Kubernetes versions.
Use Helm 2 only if you maintain legacy systems that depend on Tiller or older Kubernetes versions not supported by Helm 3. However, migrating to Helm 3 is recommended for better security and functionality.