How to secure the Helm Operator (a little more)

Problem statement

As a platform engineer
I want our workloads to be as secure as possible
So that we don’t leave ourselves open to explotation

Recommended Tooling

I am planning to write another blog post on how we use kubeaudit above as part of our CI process.

Note: Their are many more but these are a good starting point.

The Helm Operator Problem

For more information on the Helm Operator please see


We can now add the following values to your HelmRelease’s.

readOnlyRootFilesystem: true
- name: tmp
mountPath: /tmp extraVolumes:
- name: tmp
emptyDir: {}



Independent Kubernetes Consultant & Trainer.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store