Helm v2: Air Gapped

Helm v2, the previous major version of the package manager for Kubernetes, makes calls out to the Internet when you initialize it. These calls install Tiller, the server-side component that was removed in Helm v3, and set up the stable repository. Both of these are served by the Helm project.

If you want to use Helm in an air gapped environment or an environment with severe Internet connectivity restrictions, this can be a problem. What follows is a guide you can use to set up Helm v2 in an air gapped environment. Note that if you move to Helm v3 this is no longer an issue: it works in an air gapped environment out of the box.

Tiller

Tiller is the in-cluster component of Helm. It is hosted by the Helm project out of Google Container Repository (GCR). When helm init is run it tells the Kubernetes cluster to install Tiller. The Kubernetes cluster needs access to the Internet to pull the image from GCR. This won’t work in an air gapped environment.

There are two steps to getting past this in an air gapped environment.

  1. Get the Tiller image you need for your version of Helm from GCR and put it in a container registry that is accessible in the air gapped environment. You can find the images at https://console.cloud.google.com/gcr/images/kubernetes-helm/GLOBAL/tiller?gcrImageListsize=30.
  2. When you run helm init, use the --tiller-image flag to point at the image in your local container registry. For example, --tiller-image=myregistry.example.com/myimages/tiller:v2.16.5.

Stable Repository

When helm init is run for the first time on a system, it sets up the local configuration, which includes adding the stable charts repository. This is a call over the Internet. Like the Tiller image location, the location of the stable repository can be altered when helm init is run.

First, you need to set up a repository that is available to Helm. It needs to be reachable from where the helm CLI is running, not from where the Kubernetes cluster that will run the apps is located.

A repository is fairly simple and can be served by a static web server. The only required file is an index.yaml file. The following is an index.yaml file without any charts listed:

apiVersion: v1
entries: {}
generated: "2020-04-13T10:56:23.3819-04:00"

If this is put in a location accessible in the air gapped environment over the web, Helm can use it with the --stable-repo-url flag. For example, let’s imagine the above file is placed in a repository located at https://myhelmrepo.example.com/index.yaml. When helm init is run from the CLI it can be run with --stable-repo-url=https://myhelmrepo.example.com. This will cause the stable repository to be set up to use this custom repository location.
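The Tiller and stable repository steps above, combined into one script as an added example (not code from the original post or the Helm project). It assumes docker is the tool used to move the image; the function names, the DRY_RUN switch and the tarball file name are hypothetical, and the host names are the example names used in this post.

```shell
#!/bin/sh
# Added example. Host names are the page's examples; function names,
# DRY_RUN and the tarball name are assumptions made for illustration.
UPSTREAM="gcr.io/kubernetes-helm/tiller"    # Tiller image path on GCR
REGISTRY="myregistry.example.com/myimages"  # registry inside the air gap
REPO_URL="https://myhelmrepo.example.com"   # static chart repo inside the air gap

# Print the command when DRY_RUN=1 (the default); execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Internal image reference for a Tiller tag such as v2.16.5.
mirror_ref() { echo "$REGISTRY/tiller:$1"; }

# Connected host: pull the image and export it to a tarball for transfer.
export_tiller() {
  run docker pull "$UPSTREAM:$1"
  run docker save -o "tiller-$1.tar" "$UPSTREAM:$1"
}

# Air gapped host: load the tarball, retag it, push it to the internal registry.
import_tiller() {
  run docker load -i "tiller-$1.tar"
  run docker tag "$UPSTREAM:$1" "$(mirror_ref "$1")"
  run docker push "$(mirror_ref "$1")"
}

# Write a chart-less index.yaml into the directory the web server serves.
write_empty_index() {
  mkdir -p "$1"
  cat > "$1/index.yaml" <<EOF
apiVersion: v1
entries: {}
generated: "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
EOF
}

# Initialize Helm v2 so that neither Tiller nor the stable repo needs the Internet.
init_helm() {
  run helm init --tiller-image="$(mirror_ref "$1")" --stable-repo-url="$REPO_URL"
}

# Usage: script.sh export|import|index|init [tag-or-dir]
case "${1:-}" in
  export) export_tiller "${2:-v2.16.5}" ;;
  import) import_tiller "${2:-v2.16.5}" ;;
  index)  write_empty_index "${2:-./repo}" ;;
  init)   init_helm "${2:-v2.16.5}" ;;
esac
```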

Helm v3

Helm v3 does not require this extra work. There is no Tiller to install and no chart repositories are added by default. It works in air gapped environments out of the box. Once you are able to make the switch, these steps will no longer be necessary.