Kubernetes - Helm

Posted on In

Helm - The Kubernetes Package Manager.

Use Helm to:

  • Find and use popular software packaged as Helm charts to run in Kubernetes
  • Share your own applications as Helm charts
  • Create reproducible builds of your Kubernetes applications
  • Intelligently manage your Kubernetes manifest files
  • Manage releases of Helm packages

Helm is similar to maven, npm and apt except it manages Kubernetes resources.

Key Concepts

Tiller Server and Helm Client

Tiller Server: Tiller is the in-cluster component of Helm. It interacts directly with the Kubernetes API server to install, upgrade, query, and remove Kubernetes resources. It also stores the objects that represent releases.

Helm Client: CLI tool for users to work with Helm Charts.

Chart

Charts are packages of pre-configured Kubernetes resources.

Release

When a chart is installed, Tiller (the Helm server) creates a release to track that installation. Release is an running instance of Chart. You can think of it as an application.

Install Helm

Helm is composed of two parts: Helm (the client) and Tiller (the server)

Install Helm Client

run kubectl config current-context or kubectl cluster-info to see the current cluster. Make sure it is currently running.

Install Helm

1
2
3
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

Use helm version to check Helm version. Output should look like this

1
2
3
$ helm version
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Error: could not find tiller

Install Tiller Server

Initialize the local CLI and also install Tiller into your Kubernetes cluster in one step using helm init command. 

1
2
3
4
5
6
7
8
$ helm init
$HELM_HOME has been configured at /home/xing/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation

It may take a minute for tiller to install. Use helm ls to verify tiller is installed.

If tiller is not ready, error will be return.

1
2
$ helm ls
Error: could not find a ready tiller po

Helm Install Default Charts

get latest list of charts

1
helm repo update

Install a chart. Mysql in this case. The notes from the output should tell you what resources are installed and how to interact with the release. In this case MySQL.

1
helm install stable/mysql --name my-release

add service account if helm install fail because of permission issue

1
2
3
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

Delete Tiller and reinstall if Tiller is not working

1
2
kubectl delete deployment tiller-deploy -n kube-system
kubectl delete service tiller-deploy -n kube-system

To see what is release

1
helm ls

To delete a release 

1
helm delete my-release

Create and Install Customized Chart

Let’s learn to create a customized chart for httpd

To create a chart for httpd

1
helm create httpdchart

The default chart created use nginx. Modify values.yaml to use httpd

1
2
3
4
image:
  repository: httpd
  tag: latest
  pullPolicy: IfNotPresent

use helm lint httpchart to check errors. 

1
helm lint httpchart

Dry run to get the yaml to be generate

1
helm install --dry-run httpdchart --debug

Use helm install to install the chart. This will create deployment, pod and service. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
$ helm install httpdchart --name myhttpd
NAME:   myhttpd
LAST DEPLOYED: Tue Oct  8 03:03:22 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME                READY  UP-TO-DATE  AVAILABLE  AGE
myhttpd-httpdchart  0/1    1           0          0s

==> v1/Pod(related)
NAME                                 READY  STATUS             RESTARTS  AGE
myhttpd-httpdchart-6c5544955b-68slm  0/1    ContainerCreating  0         0s

==> v1/Service
NAME                TYPE          CLUSTER-IP    EXTERNAL-IP  PORT(S)       AGE
myhttpd-httpdchart  LoadBalancer  10.107.67.34  <pending>    80:31042/TCP  0s

Test the service just created.

1
2
3
$ curl $(minikube ip):$(kubectl get service/myhttpd-httpdchart -o jsonpath="{.spec.ports[*].nodePort}")
<html><body><h1>It works!</h1></body></html>

References