This topic describes how to install the Helm package manager and use Helm with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) and TKGI-provisioned Kubernetes clusters.
Helm is a package manager you can use to deploy TKGI components, such as Wavefront, and your TKGI Kubernetes apps.
You can use Helm to install software to Kubernetes clusters deployed by TKGI.
Helm includes the following components:
Component | Role | Location |
---|---|---|
helm |
Client | Runs on your local workstation |
tiller |
Server | (Helm 2 only) Runs inside your Kubernetes cluster |
To use Helm to deploy components or your apps to TKGI clusters, see Deploy Apps and Components Using Helm.
You can use either Helm 3 or its predecessor Helm 2 as your TKGI Helm package manager. Helm 3 is more easily installed than Helm 2 and requires less configuration.
To install and configure Helm 3 for TKGI, see Install and Configure Helm 3 below. To install Helm 2, see Install and Configure Helm 2 below.
To install and configure Helm 3, follow the Step 1: Install And Configure Helm instructions in the Bitnami TKGI documentation.
To use Helm 2 with TKGI, you must first configure the Tiller component to give it access to the Kubernetes API. Tiller runs inside the Kubernetes cluster.
To grant API access to Tiller and install Helm 2:
Create a role-based access control (RBAC) configuration file named rbac-config.yaml
that contains the following:
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
Create the service account and role by running the following command:
kubectl create -f rbac-config.yaml
Download and install the latest v2 patch release of the Helm CLI.
Deploy Helm 2 using the service account by running the following command:
helm init --service-account tiller
Verify that the permissions are configured by running the following command:
helm ls
Confirm there is not any output from the above command.
To apply more granular permissions to the Tiller service account, see the Helm RBAC documentation.
For more information about securing Helm 2, see the Bitnami article Exploring the Security of Helm.
You can use Helm to deploy third-party components or your own apps to TKGI clusters.
To deploy a third-party component on Artifact HUB to a TKGI cluster:
Download the component’s Helm chart from the official repositories in the Artifact HUB.
Complete the deployment instructions for the component.
For specific instructions on deploying Wavefront, which you might need to do for Windows worker-based clusters, see the Wavefront section of the Monitoring Windows Worker Clusters and Nodes topic.
To deploy your app to a TKGI cluster using Helm:
Package the app as a Helm chart, the package format that the helm install
command uses.
Run the helm install
command, passing in the location of your chart. For more information, see the Helm Docs.