Using Helm with Enterprise PKS

Page last updated:

This topic describes how to use the package manager Helm for your Kubernetes apps running on Enterprise Pivotal Container Service (Enterprise PKS).

Overview

Helm includes the following components:

Component Role Location
helm Client Runs on your local workstation
tiller Server Runs inside your Kubernetes cluster

Helm packages are called charts. For more information, see Charts in the Helm documentation.

Examples of charts:

For more charts, see the Helm Charts repository on GitHub.

Configure Tiller

If you want to use Helm with Enterprise PKS, you must configure Tiller.

Tiller runs inside the Kubernetes cluster and requires access to the Kubernetes API.

If you use role-based access control (RBAC) in Enterprise PKS to grant Tiller permission to access the API, do the following:

  1. Create a file named rbac-config.yaml with the following configuration:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: tiller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tiller
        namespace: kube-system
    
  2. Create the service account and role by running the following command:

    kubectl create -f rbac-config.yaml
    
  3. Download and install the Helm CLI.

  4. Deploy Helm using the service account by running the following command:

    helm init --service-account tiller
    
  5. Verify that the permissions are configured by running the following command:

    helm ls
    

    There should be no output from the above command.

To apply more granular permissions to the Tiller service account, see the Helm RBAC documentation.


Please send any feedback you have to pks-feedback@pivotal.io.