This post explains steps to install helm 3 on kubernetes and installing helm charts for managing and deploying applications on the Kubernetes cluster.
In helm 2 there is a helm component called tiller which will be deployed in the kubernetes
kube-system namespace. Tiller components is removed in helm 3 versions.
You should have the following before getting started with the helm setup.
- A running Kubernetes cluster.
- The Kubernetes cluster API endpoint should be reachable from the machine you are running helm.
- Authenticate the cluster using kubectl and it should have cluster-admin permissions.
Helm 3 Architecture
In helm 3 there is no tiller component. Helm client directly interacts with the kubernetes API for the helm chart deployment.
So from wherever you are running the helm command, you should have kubectl configured with cluster-admin permissions for helm to execute the manifests in the chart.
Install Helm 3 – Using Script
I recommend this method if you are setting up a test environment in your local workstation or a server. For project requirements, please follow binary installation in the next section.
Note: The workstation you are running should have the kubectl context set to the cluster you want to manage with Helm.
Step 1: Download the latest helm 3 installation script.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
Step 2: Add execute permissions to the downloaded script.
chmod +x get_helm.sh
Step 3: Execute the installation script. This script will automatically find the right binary for your system.
Step 4: Validate helm installation by executing the helm command.
Install Helm 3 From Binary
This method is recommended for project requirements where you can have specific version of helm installed across all the environments.
Step 1: Head over to the Github helm release page and copy the Linux amd64 link for the required version.
Step 2: Download the binary using wget.
wget -O helm.tar.gz https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz
Step 3: Untar the downloaded file.
tar -zxvf helm.tar.gz
Step 4: Move the helm executable to the bin directory.
sudo mv linux-amd64/helm /usr/local/bin/helm
Step 5: Validate by executing the helm command.
Add Stable Helm Repo
Helm repo contains the stable helm charts developed and maintained by the community.
Now, add the public stable helm repo for installing the stable charts.
helm repo add stable https://charts.helm.sh/stable
You can search the available chart using the search command. For example, if you want to set up Jenkins on Kubernetes, you can search for Jenkins chart using the following command.
helm search repo jenkins
Alternatively, you can search stable community charts via artifacthub.com. Here you can find many community-contributed helm charts.
Install & Validate Helm Chart
To validate the helm setup, lets setup nginx ingress controller using helm chart available in artifacthub.
Step 1: First add the nginx-ingress helm repo.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
Step 2: Update the chart repo.
helm repo update
Step 3: Let’s install a stable Nginx chart and test the setup. The ingress controller gets deployed in the default namespace.
helm install ingress-controller ingress-nginx/ingress-nginx
ingress-controller is the custom release name. You can give the name of your preference.
Step 4: Now, check the status of the ingress helm deployment using the following command. It should show the status of the deployment.
Alternatively you can use kubectl command to check the ingress deployment in the default namespace.
kubectl get deployments
Step 4: Now, to remove the deployment after validation, all you have to do is uninstall the deployment using its release name.
helm uninstall ingress-controller
Installing & Configuring Helm 2 [Not Recomended]
Here is the helm 2 architecture.
This installation is on the client side. ie, a personal workstation, a Linux VM, etc. You can install the helm using a single liner. It will automatically find your OS type and installs helm on it.
Execute the following from your command line.
curl -L https://git.io/get_helm.sh | bash
Create Tiller Service Account With Cluster Admin Permissions
Tiller is the server component for helm. Tiller will be present in the kubernetes cluster and the helm client talks to it for deploying applications using helm charts.
Helm will be managing your cluster resources. So we need to add necessary permissions to the tiller components which resides in the cluster
Here is what we will do,
- Create a service account names tiller
- Create a ClusterRoleBinding with cluster-admin permissions to the tiller service account.
We will add both service account and clusterRoleBinding in one yaml file.
Create a file named
helm-rbac.yaml and copy the following contents to the file.
apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tiller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system
Lets create these resources using kubectl
kubectl apply -f helm-rbac.yam
Initialize Helm: Deploy Tiller
Next step is to initialize helm. When you initialize helm, a deployment named tiller-deploy will be deployed in the kube-system namespace.
Initialize helm using the following command.
helm init --service-account=tiller --history-max 300
If you want a specific tiller version to be installed, you can specify the tiller image link in the init command using
--tiller-image flag. You can find the all tiller docker images in public google GCR registry.
helm init --service-account=tiller --tiller-image=gcr.io/kubernetes-helm/tiller:v2.14.1 --history-max 300
If you dont mention “–service-account=tiller”, you will get the following error.
Error: no available release name found
You can check the tiller deployment in the kube-system namespace using kubectl.
kubectl get deployment tiller-deploy -n kube-system
Deploy a Sample App Using Helm
Now lets deploy a sample nginx ingress using helm.
Execute the following helm install command to deploy an nginx ingress in the kubernetes cluster. It will download the nginx-ingress helm chart from the public github helm chart repo.
helm install stable/nginx-ingress --name nginx-ingress
You can check the install helm chart using the following command.
You can delete the sample deployment using delete command. For example,
helm delete nginx-ingress
Remove Helm (Tiller) From Kubernetes Cluster
If you want to remove the tiller installtion from the kubernetes cluster use the following command.
For some reason, if it throws error, force remove it using the following command.
helm reset --force
Also you can use the kubectl command to remove it.
kubectl delete deployment tiller-deploy --namespace kube-system
I this post we have seen how to install helm 3, install char repo and validate a sample helm deployment.
When you use helm for project use cases, it is recommended you create your own helm charts with approved images from the security team.
If you use community helm charts in project environments, ensure you replace the community images with custom build images.
In the next blog post, we will look in to chart development and best practices of HELM