forked from pivotal-cf/docs-pks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
helm.html.md.erb
90 lines (70 loc) · 2.63 KB
/
helm.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
---
title: Using Helm with PKS
owner: PKS
---
<strong><%= modified_date %></strong>
This topic describes how to use the package manager [Helm](https://helm.sh/) for your
Kubernetes apps running on Pivotal Container Service (PKS).
##<a id='overview'></a> Overview
Helm includes the following components:
<table>
<tr>
<th>Component</th>
<th>Role</th>
<th>Location</th>
</tr>
<tr>
<td><code>helm</code></td>
<td>Client</td>
<td>Runs on your local workstation</td>
</tr>
<tr>
<td><code>tiller</code></td>
<td>Server</td>
<td>Runs inside your Kubernetes cluster</td>
</tr>
</table>
Helm packages are called **charts**. For more information, see
[Charts](https://docs.helm.sh/developing_charts/) in the Helm documentation.
Examples of charts:
* [Concourse](https://github.com/kubernetes/charts/tree/master/stable/concourse) for CI/CD pipelines
* [Datadog](https://github.com/kubernetes/charts/tree/master/stable/datadog) for monitoring
* [MySQL](https://github.com/kubernetes/charts/tree/master/stable/mysql) for storage
For more charts, see the [Helm Charts repository](https://github.com/kubernetes/charts) on GitHub.
##<a id='configure-tiller'></a> Configure Tiller
If you want to use Helm with PKS, you must configure Tiller.
Tiller runs inside the Kubernetes cluster and requires access to the Kubernetes API.
If you use role-based access control (RBAC) in PKS, perform the steps in this section to grant
Tiller permission to access the API.
1. Create a service account for Tiller and bind it to the `cluster-admin` role by adding the following section to `rbac-config.yaml`:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
```
1. Apply the service account and role by running the following command:
<pre class="terminal">
$ kubectl create -f rbac-config.yaml
</pre>
1. Download and install the [Helm CLI](https://github.com/kubernetes/helm/releases).
1. Deploy Helm using the service account by running the following command:
<pre class="terminal">
$ helm init --service-account tiller
</pre>
1. Run `helm ls` to verify that the permissions are configured.
To apply more granular permissions to the Tiller service account, see the [Helm RBAC](https://github.com/kubernetes/helm/blob/master/docs/rbac.md) documentation.