Helm Tutorial: How To Install and Configure Helm

This post explains steps to install helm 3 on kubernetes and installing helm charts for managing and deploying applications on the Kubernetes cluster.

In helm 2 there is a helm component called tiller which will be deployed in the kubernetes kube-system namespace. Tiller components is removed in helm 3 versions.

Helm Prerequisites

You should have the following before getting started with the helm setup.

1. A running Kubernetes cluster.
2. The Kubernetes cluster API endpoint should be reachable from the machine you are running helm.
3. Authenticate the cluster using kubectl and it should have cluster-admin permissions.

Helm 3 Architecture

In helm 3 there is no tiller component. Helm client directly interacts with the kubernetes API for the helm chart deployment.

So from wherever you are running the helm command, you should have kubectl configured with cluster-admin permissions for helm to execute the manifests in the chart.

Install Helm 3 – Using Script

I recommend this method if you are setting up a test environment in your local workstation or a server. For project requirements, please follow binary installation in the next section.

Note: The workstation you are running should have the kubectl context set to the cluster you want to manage with Helm.

Step 1: Download the latest helm 3 installation script.

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3

Step 2: Add execute permissions to the downloaded script.

chmod +x get_helm.sh

Step 3: Execute the installation script. This script will automatically find the right binary for your system.

./get_helm.sh

Step 4: Validate helm installation by executing the helm command.

helm

Install Helm 3 From Binary

This method is recommended for project requirements where you can have specific version of helm installed across all the environments.

For example, if you are using Jenkins for Helm deployments, ensure the Jenkins agent where the helm command runs have kubectl configured with admin permissions.

Step 1: Head over to the Github helm release page and copy the Linux amd64 link for the required version.

Step 2: Download the binary using wget.

wget -O helm.tar.gz https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz

Step 3: Untar the downloaded file.

tar -zxvf helm.tar.gz

Step 4: Move the helm executable to the bin directory.

sudo mv linux-amd64/helm /usr/local/bin/helm

Step 5: Validate by executing the helm command.

helm

Add Stable Helm Repo

Helm repo contains the stable helm charts developed and maintained by the community.

Now, add the public stable helm repo for installing the stable charts.

helm repo add stable https://charts.helm.sh/stable

You can search the available chart using the search command. For example, if you want to set up Jenkins on Kubernetes, you can search for Jenkins chart using the following command.

helm search repo jenkins

Alternatively, you can search stable community charts via artifacthub.com. Here you can find many community-contributed helm charts.

Install & Validate Helm Chart

To validate the helm setup, lets setup nginx ingress controller using helm chart available in artifacthub.

Step 1: First add the nginx-ingress helm repo.

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

Step 2: Update the chart repo.

helm repo update

Step 3: Let’s install a stable Nginx chart and test the setup. The ingress controller gets deployed in the default namespace.

helm install ingress-controller ingress-nginx/ingress-nginx

Here ingress-controller is the custom release name. You can give the name of your preference.

Step 4: Now, check the status of the ingress helm deployment using the following command. It should show the status of the deployment.

helm ls

Alternatively you can use kubectl command to check the ingress deployment in the default namespace.

kubectl get deployments

Step 4: Now, to remove the deployment after validation, all you have to do is uninstall the deployment using its release name.

helm uninstall ingress-controller

Installing & Configuring Helm 2 [Not Recomended]

Here is the helm 2 architecture.

This installation is on the client side. ie, a personal workstation, a Linux VM, etc. You can install the helm using a single liner. It will automatically find your OS type and installs helm on it.

Execute the following from your command line.

curl -L https://git.io/get_helm.sh | bash

Create Tiller Service Account With Cluster Admin Permissions

Tiller is the server component for helm. Tiller will be present in the kubernetes cluster and the helm client talks to it for deploying applications using helm charts.

Helm will be managing your cluster resources. So we need to add necessary permissions to the tiller components which resides in the cluster kube-system namespace.

Here is what we will do,

1. Create a service account names tiller
2. Create a ClusterRoleBinding with cluster-admin permissions to the tiller service account.

We will add both service account and clusterRoleBinding in one yaml file.

Create a file named helm-rbac.yaml and copy the following contents to the file.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

Lets create these resources using kubectl

kubectl apply -f helm-rbac.yam

Initialize Helm: Deploy Tiller

Next step is to initialize helm. When you initialize helm, a deployment named tiller-deploy will be deployed in the kube-system namespace.

Initialize helm using the following command.

helm init --service-account=tiller --history-max 300

If you want a specific tiller version to be installed, you can specify the tiller image link in the init command using --tiller-image flag. You can find the all tiller docker images in public google GCR registry.

helm init --service-account=tiller --tiller-image=gcr.io/kubernetes-helm/tiller:v2.14.1   --history-max 300

If you dont mention “–service-account=tiller”, you will get the following error.

Error: no available release name found

You can check the tiller deployment in the kube-system namespace using kubectl.

kubectl get deployment tiller-deploy -n kube-system

Deploy a Sample App Using Helm

Now lets deploy a sample nginx ingress using helm.

Execute the following helm install command to deploy an nginx ingress in the kubernetes cluster. It will download the nginx-ingress helm chart from the public github helm chart repo.

helm install stable/nginx-ingress --name nginx-ingress

You can check the install helm chart using the following command.

helm ls

You can delete the sample deployment using delete command. For example,

helm delete nginx-ingress

Remove Helm (Tiller) From Kubernetes Cluster

If you want to remove the tiller installtion from the kubernetes cluster use the following command.

helm reset

For some reason, if it throws error, force remove it using the following command.

helm reset --force

Also you can use the kubectl command to remove it.

kubectl delete deployment tiller-deploy --namespace kube-system

Conclusion

I this post we have seen how to install helm 3, install char repo and validate a sample helm deployment.

When you use helm for project use cases, it is recommended you create your own helm charts with approved images from the security team.

If you use community helm charts in project environments, ensure you replace the community images with custom build images.

In the next blog post, we will look in to chart development and best practices of HELM