Using Helm with Tanzu Kubernetes Grid Integrated Edition

This topic describes how to install the Helm package manager and use Helm with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) and TKGI-provisioned Kubernetes clusters.

Overview

Helm is a package manager you can use to deploy TKGI components, such as Wavefront, and your TKGI Kubernetes apps.

You can use Helm to install software to Kubernetes clusters deployed by TKGI.

Helm includes the following components:

Component	Role	Location
`helm`	Client	Runs on your local workstation
`tiller`	Server	(Helm 2 only) Runs inside your Kubernetes cluster

To install Helm, see Install and Configure Helm.

To use Helm to deploy components or your apps to TKGI clusters, see Deploy Apps and Components Using Helm.

Install and Configure Helm

You can use either Helm 3 or its predecessor Helm 2 as your TKGI Helm package manager. Helm 3 is more easily installed than Helm 2 and requires less configuration.

To install and configure Helm 3 for TKGI, see Install and Configure Helm 3 below. To install Helm 2, see Install and Configure Helm 2 below.

Install and Configure Helm 3

To install and configure Helm 3, follow the Step 1: Install And Configure Helm instructions in the Bitnami TKGI documentation.

Install and Configure Helm 2

To use Helm 2 with TKGI, you must first configure the Tiller component to give it access to the Kubernetes API. Tiller runs inside the Kubernetes cluster.

To grant API access to Tiller and install Helm 2:

Create a role-based access control (RBAC) configuration file named rbac-config.yaml that contains the following:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

Create the service account and role by running the following command:
```
kubectl create -f rbac-config.yaml
```
Download and install the latest v2 patch release of the Helm CLI.
Deploy Helm 2 using the service account by running the following command:
```
helm init --service-account tiller
```
Verify that the permissions are configured by running the following command:
```
helm ls
```
Confirm there is not any output from the above command.

To apply more granular permissions to the Tiller service account, see the Helm RBAC documentation.

For more information about securing Helm 2, see the Bitnami article Exploring the Security of Helm.

Deploy Components and Apps Using Helm

You can use Helm to deploy third-party components or your own apps to TKGI clusters.

Deploy Apps Listed in Artifact HUB

To deploy a third-party component on Artifact HUB to a TKGI cluster:

Download the component’s Helm chart from the official repositories in the Artifact HUB.
Complete the deployment instructions for the component.

For specific instructions on deploying Wavefront, which you might need to do for Windows worker-based clusters, see the Wavefront section of the Monitoring Windows Worker Clusters and Nodes topic.

Deploy Your Own Apps

To deploy your app to a TKGI cluster using Helm:

Package the app as a Helm chart, the package format that the helm install command uses.
- For example Helm charts, see Concourse Helm Chart, DataDog Helm Chart, or the charts archived in Helm Charts on GitHub.
- For information on how to create a Helm chart for your app, see Charts in the Helm documentation.
Run the helm install command, passing in the location of your chart. For more information, see the Helm Docs.