In today’s guide, we will look at how you can install and use Helm 2 to deploy and manage applications (Helm charts) on your Kubernetes cluster. Helm is a tool created to streamline the installation and management of Kubernetes applications. You can think of Helm like the YUM / APT or Homebrew package managers for Kubernetes.
There are few prerequisites required for a successful installation and operation of Helm.
- A Kubernetes cluster
- Admin access to install Tiller
- Locally configured
Check our guides on installation of Kubernetes:
- How To Deploy Lightweight Kubernetes Cluster in 5 minutes with K3s
- Deploy Production Ready Kubernetes Cluster with Ansible & Kubespray
- How To run Local Kubernetes Cluster in Docker Containers
For Kubectl configuration to manage kubernetes , check: Easily Manage Multiple Kubernetes Clusters with kubectl & kubectx
Step 1: Installing Helm client
Helm client runs on your laptop, CI/CD pipelines, etc. The installation of helm client is simplified for you through bash script.
curl -L https://git.io/get_helm.sh | bash
Here is the expected installation output:
Helm v2.17.0 is available. Changing from version . Downloading https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz Preparing to install helm and tiller into /usr/local/bin helm installed into /usr/local/bin/helm tiller installed into /usr/local/bin/tiller Run 'helm init' to configure helm.
The helm binary package will be installed to
$ helm version Client: &version.VersionSemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"
Step 2: Create Tiller service account & Role binding
Helm2 has a server component called Tiller. This changed in Helm 3 as there is no tiller. The tiller service will run in our Kubernetes cluster and the helm client talks to it when managing helm applications in the cluster.
We need to create service account for Tiller with admin access to the cluster. Create a new file called tiller-serivice-account.yaml.
Paste below data to the file.
apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tiller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system
From the manifest definition, we have created a ClusterRoleBinding with cluster-admin permissions to the tiller service account.
Create the resources in Kubernetes using the kubectl command:
$ kubectl apply -f tiller-account-rbac.yaml serviceaccount/tiller created clusterrolebinding.rbac.authorization.k8s.io/tiller created
Confirm creation of these objects:
$ kubectl get serviceaccount tiller -n kube-system NAME SECRETS AGE tiller 1 64s $ kubectl get clusterrolebinding tiller -n kube-system NAME AGE tiller 100s
Step 3: Deploy Tiller and Initialize Helm
The helm init command is used to install Tiller (the Helm server-side component) onto your
Kubernetes Cluster. Note that this command discovers Kubernetes clusters
by reading $KUBECONFIG (default ‘~/.kube/config‘) and using the default context.
If you have multiple clusters, ensure you switch to desired cluster, ref:
Now initialize Helm using the command below.
helm init --service-account=tiller \ --stable-repo-url=https://charts.helm.sh/stable \ --upgrade \ --automount-service-account-token=true \ --replicas=1 \ --history-max=100 \ --wait
Below is the output from the helm init command.
Creating /home/jkmutai/.helm/repository/repositories.yaml Adding stable repo with URL: https://charts.helm.sh/stable Adding local repo with URL: http://127.0.0.1:8879/charts $HELM_HOME has been configured at /home/jkmutai/.helm. Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster. Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy. To prevent this, run `helm init` with the --tiller-tls-verify flag. For more information on securing your installation see: https://v2.helm.sh/docs/securing_installation/
The initialization will also set up local configuration in $HELM_HOME (default ~/.helm/)
$ ls ~/.helm cache plugins repository starters
On the kubernetes end, you should see a new deployment called tiller-deploy.
$ kubectl get deployment -n kube-system NAME READY UP-TO-DATE AVAILABLE AGE metrics-server 1/1 1 1 20d local-path-provisioner 1/1 1 1 20d coredns 1/1 1 1 20d traefik 1/1 1 1 20d tiller-deploy 1/1 1 1 63m $ kubectl get deployment tiller-deploy -n kube-system -o wide NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR tiller-deploy 1/1 1 1 64m tiller gcr.io/kubernetes-helm/tiller:v2.16.1 app=helm,name=tiller
Now visit Helm 2 documentation page to get started. Since Helm 2 is now legacy, we’ll cover the installation and usage of Helm 3 in our next guide.