diff --git a/Dockerfile b/Dockerfile
index 275bc181..b9cd4d9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,19 +2,23 @@ FROM golang:1.9.2-alpine3.7
 
 RUN apk update && \
     apk --update add \
-      jq \
-      git \
-      make \
-      curl \
       bash \
-      grep
+      ca-certificates \
+      coreutils \
+      curl \
+      git \
+      gettext \
+      grep \
+      jq \
+      make
 
 ADD ./ /build-harness/
 
-RUN cd /build-harness && \
-      make helm/install template/deps
+ENV INSTALL_PATH /usr/local/bin
 
 WORKDIR /build-harness
 
+RUN make -s chamber/install helm/install helmfile/install template/deps
+
 ENTRYPOINT ["/bin/bash"]
 
diff --git a/bin/helm_toolbox.sh b/bin/helm_toolbox.sh
new file mode 100755
index 00000000..c3501842
--- /dev/null
+++ b/bin/helm_toolbox.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+export TIMEOUT=3
+export STDOUT=${STDOUT:-/dev/null}
+
+# helper functions
+function info() { 
+	echo -e "\e[32mINFO:\e[0m $1"; 
+}
+
+function err() {
+	echo -e "\e[31mERROR:\e[0m $1" ; 
+	exit 1; 
+}
+
+function check() { 
+	command -v "$1" >/dev/null 2>&1 || err "$1 not installed!"; 
+}
+
+# wait for helm to become operational
+wait_for_helm() {
+	info "Waiting for helm tiller..."
+	while true; do
+		status=$(kubectl get pods -l app=helm -l name=tiller --show-all=false -o=custom-columns=STATUS:.status.phase --no-headers=true -nkube-system | tr '\n' ',')
+		info "Helm status: $status"
+		if [ "$status" = "Running" ]; then
+			break;
+		fi
+		sleep $TIMEOUT
+	done
+}
+
+function set_context() {
+  if [ -n "$KUBE_CONTEXT" ]; then
+	info "Using ${KUBE_CONTEXT} kube context"
+	kubectl config use-context ${KUBE_CONTEXT}
+  fi
+}
+
+function upsert() {
+	helm_version=$(helm version --client --short | grep -Eo "v[0-9]\.[0-9]\.[0-9]")
+	tiller_version=$(timeout $TIMEOUT helm version --server --short | grep -Eo "v[0-9]\.[0-9]\.[0-9]")
+
+    if [ -z "$tiller_version" ]; then
+      err "Unable to connect to helm server"
+    fi
+
+	if [ "$helm_version" != "$tiller_version" ]; then
+		info "Helm version: $helm_version, differs with tiller version: $tiller_version"
+		info "Upgrarding tiller to $helm_version"
+		helm init --upgrade --force-upgrade > $STDOUT
+		wait_for_helm
+		sleep 3
+		info "Helm version"
+		helm version --short | sed 's/^/  - /'
+	else
+		info "Helm version: $helm_version matches tiller version: $tiller_version."
+		info "Initializing helm client..."
+	 	helm init --client-only > $STDOUT
+	fi
+}
+
+if [ "$1" == "upsert" ]; then
+	check kubectl
+	check helm
+	check timeout
+	set_context
+	upsert
+else
+	err "Unknown commmand"
+fi
diff --git a/modules/chamber/Makefile b/modules/chamber/Makefile
new file mode 100644
index 00000000..25b4033a
--- /dev/null
+++ b/modules/chamber/Makefile
@@ -0,0 +1,9 @@
+CURL := $(shell which curl)
+CHAMBER_VERSION ?= 2.0.0
+CHAMBER := $(shell which chamber)
+
+## Install chamber
+chamber/install: packages/install/chamber
+	@exit 0
+
+
diff --git a/modules/helm/Makefile b/modules/helm/Makefile
index 5937b231..3ed8d68c 100644
--- a/modules/helm/Makefile
+++ b/modules/helm/Makefile
@@ -1,5 +1,5 @@
 CURL := $(shell which curl)
-HELM_VERSION ?= v2.7.2
+export HELM_VERSION ?= 2.9.0
 HELM_PLATFORM ?= $(OS)-amd64
 HELM := $(shell which helm)
 HELM_HOME ?= $(HOME)/.helm
@@ -8,10 +8,7 @@ HELM_REPO_PATH ?= ./$(REPO_NAME)
 HELM_PACKAGE_PATH ?= ./packages/$(REPO_NAME)
 
 ## Install helm
-helm/install:
-	@$(CURL) https://kubernetes-helm.storage.googleapis.com/helm-$(HELM_VERSION)-$(HELM_PLATFORM).tar.gz | tar xvz
-	@chmod +x $(HELM_PLATFORM)/helm
-	@mv $(HELM_PLATFORM)/helm /usr/local/bin/
+helm/install: packages/install/helm packages/install/yq
 	@helm init --client-only
 	@chmod -R 777 "$(HELM_HOME)"
 	@helm repo remove local || true
@@ -20,5 +17,10 @@ helm/install:
 helm/serve/index:
 	$(call assert-set,CURRENT_REPO_URL)
 	$(call assert-set,HELM)
-	@$(SELF) helm:repo:index REPO_NAME=incubator
-	@$(SELF) helm:repo:index REPO_NAME=stable
+	@$(SELF) helm/repo/index REPO_NAME=incubator
+	@$(SELF) helm/repo/index REPO_NAME=stable
+
+## Install or upgrade helm tiller 
+helm/toolbox/upsert:
+	@$(BUILD_HARNESS_PATH)/bin/helm_toolbox.sh upsert
+
diff --git a/modules/helm/Makefile.chart b/modules/helm/Makefile.chart
index 30d66845..b872a17a 100644
--- a/modules/helm/Makefile.chart
+++ b/modules/helm/Makefile.chart
@@ -34,7 +34,9 @@ helm/chart/build:
 	@rm -rf $(HELM_PACKAGE_PATH)$(CHART_NAME)
 	@mkdir -p $(HELM_PACKAGE_PATH)$(CHART_NAME)
 	@cp -R $(CHART_TPL)/* $(HELM_PACKAGE_PATH)$(CHART_NAME)
-	@find $(HELM_PACKAGE_PATH)$(CHART_NAME) -type f | xargs -I{} bash -c 'IN={} OUT={} $(SELF) -s template/build'
+	@echo "Pinning chart version and image.tag to $(SEMVERSION)"
+	@set -o pipefail; yq write --inplace $(HELM_PACKAGE_PATH)$(CHART_NAME)/Chart.yaml version $(SEMVERSION) | head -1
+	@set -o pipefail; yq write --inplace $(HELM_PACKAGE_PATH)$(CHART_NAME)/values.yaml image.tag $(SEMVERSION) | head -1
 	@echo "Fetch dependencies"
 	@$(HELM) dependency build --debug $(HELM_PACKAGE_PATH)$(CHART_NAME)
 	@echo "Create package"
@@ -49,10 +51,10 @@ helm/chart/build-all:
 	$(call assert-set,CHART_TPL)
 	@for version in $(SEMVERSIONS) ; do \
 		echo "Build chart $(CHART_NAME) version $$version"; \
-		CHART_NAME=$(CHART_NAME) \
-		CHART_TPL=$(CHART_TPL) \
-		SEMVERSION=$$version \
-		$(SELF) -s helm/chart/build; \
+		$(SELF) -s helm/chart/build \
+			CHART_NAME=$(CHART_NAME) \
+			CHART_TPL=$(CHART_TPL) \
+			SEMVERSION=$$version; \
 	done
 
 ## Publish chart $CHART_NAME to $REPO_GATEWAY_ENDPOINT
diff --git a/modules/helmfile/Makefile b/modules/helmfile/Makefile
new file mode 100644
index 00000000..d5487ebd
--- /dev/null
+++ b/modules/helmfile/Makefile
@@ -0,0 +1,9 @@
+CURL := $(shell which curl)
+HELMFILE_VERSION ?= 0.12.0
+HELMFILE := $(shell which helm)
+
+## Install helmfile
+helmfile/install: packages/install/helmfile packages/install/kubectl packages/install/helm
+	@exit 0
+
+
diff --git a/modules/packages/Makefile b/modules/packages/Makefile
new file mode 100644
index 00000000..f458aafc
--- /dev/null
+++ b/modules/packages/Makefile
@@ -0,0 +1,20 @@
+export INSTALL_PATH ?= $(BUILD_HARNESS_PATH)/vendor
+export PACKAGES_VERSION ?= 0.1.0
+export PACKAGES_PATH ?= $(BUILD_HARNESS_PATH)/vendor/packages
+
+## Install packages 
+packages/install:
+	@if [ ! -d $(PACKAGES_PATH) ]; then \
+	  echo "Installing packages $(PACKAGES_VERSION)..."; \
+	  rm -rf $(PACKAGES_PATH); \
+	  git clone --depth=1 -b $(PACKAGES_VERSION) https://github.com/cloudposse/packages.git $(PACKAGES_PATH); \
+	  rm -rf $(PACKAGES_PATH)/.git; \
+	fi
+
+## Install package (e.g. helm, helmfile, kubectl)
+packages/install/%: packages/install
+	@make -C $(PACKAGES_PATH)/install $(subst packages/install/,,$@)
+
+## Uninstall package (e.g. helm, helmfile, kubectl)
+packages/uninstall/%: packages/install
+	@make -C $(PACKAGES_PATH)/uninstall $(subst packages/uninstall/,,$@)