diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml
index 09f736af006c490ca9f6bc4bb56787880eaf750a..a400d05f91cb754ac3fcd7c01b126cefa07b025a 100644
--- a/inventory/group_vars/k8s-cluster.yml
+++ b/inventory/group_vars/k8s-cluster.yml
@@ -138,6 +138,7 @@ docker_bin_dir: "/usr/bin"
 etcd_deployment_type: docker
 kubelet_deployment_type: host
 vault_deployment_type: docker
+helm_deployment_type: docker
 
 # K8s image pull policy (imagePullPolicy)
 k8s_image_pull_policy: IfNotPresent
diff --git a/roles/kubernetes-apps/helm/defaults/main.yml b/roles/kubernetes-apps/helm/defaults/main.yml
index bb7ca244efce4d78a0ee2a82034ec64b68ee39f3..8ac51729efe45052a58b400469371c29f084db92 100644
--- a/roles/kubernetes-apps/helm/defaults/main.yml
+++ b/roles/kubernetes-apps/helm/defaults/main.yml
@@ -3,3 +3,6 @@ helm_enabled: false
 
 # specify a dir and attach it to helm for HELM_HOME.
 helm_home_dir: "/root/.helm"
+
+# Deployment mode: host or docker
+helm_deployment_type: docker
diff --git a/roles/kubernetes-apps/helm/tasks/install_docker.yml b/roles/kubernetes-apps/helm/tasks/install_docker.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1fda9d347b9c854a5d40ed637801480a8c6c665f
--- /dev/null
+++ b/roles/kubernetes-apps/helm/tasks/install_docker.yml
@@ -0,0 +1,8 @@
+---
+- name: Helm | Set up helm docker launcher
+  template:
+    src: helm-container.j2
+    dest: "{{ bin_dir }}/helm"
+    owner: root
+    mode: 0755
+  register: helm_container
diff --git a/roles/kubernetes-apps/helm/tasks/install_host.yml b/roles/kubernetes-apps/helm/tasks/install_host.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f7552ab977088c63c27a795610528b3416cd0a62
--- /dev/null
+++ b/roles/kubernetes-apps/helm/tasks/install_host.yml
@@ -0,0 +1,23 @@
+---
+- name: Helm | Compare host helm with hyperkube container
+  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir {{ helm_image_repo }}:{{ helm_image_tag }} /usr/bin/cmp /usr/local/bin/helm /systembindir/helm"
+  register: helm_task_compare_result
+  until: helm_task_compare_result.rc in [0,1,2]
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+  failed_when: "helm_task_compare_result.rc not in [0,1,2]"
+
+- name: Helm | Copy helm from helm container
+  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir {{ helm_image_repo }}:{{ helm_image_tag }} /bin/cp -f /usr/local/bin/helm /systembindir/helm"
+  when: helm_task_compare_result.rc != 0
+  register: helm_task_result
+  until: helm_task_result.rc == 0
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+
+- name: Helm | Copy socat wrapper for Container Linux
+  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
+  args:
+    creates: "{{ bin_dir }}/socat"
+  when: ansible_os_family in ['CoreOS', 'Container Linux by CoreOS']
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index 460cb05ab2c53f44c12f19a3e51c84e21d4d149c..027b2afdd6d62723cab2350cd54aa562fdbf56fd 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -3,12 +3,7 @@
   file: path={{ helm_home_dir }} state=directory
 
 - name: Helm | Set up helm launcher
-  template:
-    src: helm-container.j2
-    dest: "{{ bin_dir }}/helm"
-    owner: root
-    mode: 0755
-  register: helm_container
+  include: "install_{{ helm_deployment_type }}.yml"
 
 - name: Helm | Lay Down Helm Manifests (RBAC)
   template:
@@ -33,7 +28,7 @@
 
 - name: Helm | Install/upgrade helm
   command: "{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }}"
-  when: helm_container.changed
+  when: (helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed)
 
 - name: Helm | Patch tiller deployment for RBAC
   command: "{{bin_dir}}/kubectl patch deployment tiller-deploy -p '{\"spec\":{\"template\":{\"spec\":{\"serviceAccount\":\"tiller\"}}}}' -n {{ system_namespace }}"
@@ -41,4 +36,4 @@
 
 - name: Helm | Set up bash completion
   shell: "umask 022 && {{ bin_dir }}/helm completion bash >/etc/bash_completion.d/helm.sh"
-  when: ( helm_container.changed and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] )
+  when: (helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed) and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 17d769ab8efb072630d8834863c6bbc5bddc241c..30b5155ff79f54fe1b066b0d7d1bec32e50c4a6d 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -124,6 +124,7 @@ etcd_deployment_type: docker
 kubelet_deployment_type: docker
 cert_management: script
 vault_deployment_type: docker
+helm_deployment_type: docker
 
 # Enable kubeadm deployment (experimental)
 kubeadm_enabled: false