Over the last few weeks I was setting up Kubernetes in the lab. One thing I quickly learned was managing and editing yaml files for deployments, services and persistent volume claims became confusing and hard. Even when I had things commited in github sometimes I would make edits then not push them then rebuild my K8s cluster.
The last straw was when 2 of our Pure developers said that editing yaml in vi wasn’t very cool and to start using helm.
Needless to say that was good advice. I still have to remember to push my repos to github. Now my demostration applications are more “cloud native”. I can create and edit them in one environment and use helm install in another and have it just work.
Using the intructions from:
Now I am abreviating most of what is in the docs but I want to clarify on one thing I learn while installing helm. Since I am using K8s 1.9.3 RBAC is required. It would be easy to read to fast through the documentation quickstart and install helm before setting up your roles.
Just for ease I jump straight to this section https://docs.helm.sh/using_helm/#role-based-access-control
Create the rbac-config.yaml file with the following:
apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: tiller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system
Now your namespace and Service account roles might be different. This works for my clusters. Read the documentation carefully to make sure you don’t create a security hole.
Download and install helm
- Download the correct version for your system. Also if you are managing form a Mac, there is a homebrew install
- For macos:
- brew install kubernetes-helm
- If you downloaded helm for linux or another system unpack and set the permissions on the binary
- tar -zxvf helm-v2.0.0-linux-amd64.tgz
- mv linux-amd64/helm /usr/local/bin/helm
- Now if you have helm extracted and installed you should be able to type “helm version” or “helm help”
Setup your RBAC and Install Helm
$kubectl create -f rbac-config.yaml serviceaccount "tiller" created clusterrolebinding "tiller" created $ helm init --service-account tiller
We initialized helm with the service account we created within our K8s cluster. Helm has 2 components. First is the helm client. Which is what you are running from your CLI. The second peice is a pod called tiller-deploy-<some unique id>. You can see this pod in my environment by running
$kubectl get pod -n kube-system
If you installed helm into another namespace you will have to substitute your namespace for kube-system.
How to use Helm
Basically helm uses a chart. The contents of a chart can be found here(with an example of the files in the directory):
wordpress/ Chart.yaml # A YAML file containing information about the chart LICENSE # OPTIONAL: A plain text file containing the license for the chart README.md # OPTIONAL: A human-readable README file requirements.yaml # OPTIONAL: A YAML file listing dependencies for the chart values.yaml # The default configuration values for this chart charts/ # OPTIONAL: A directory containing any charts upon which this chart depends. templates/ # OPTIONAL: A directory of templates that, when combined with values, # will generate valid Kubernetes manifest files. templates/NOTES.txt # OPTIONAL: A plain text file containing short usage notes
There are many preconfigured charts in the default repo. You can also add a github repository of your own application as a repo that way you can easily install your charts anywhere. I will post this as a seperate blog.
So how do I actually deploy an application?
$helm install [chart] [flags]
In the following youtube demo I actually have the chart locally on my machine because I wanted to edit the values.yaml file to change some default options. There are ways to override the defaults in the command line. I decided to explore the chart a little more.
To download a chart
$helm fetch [chart]
This will download the tgz file and you can expand this file and see all the contents. For me a good way to learn was to start tweaking the files and see what happened.