Using Helm with Tanzu Kubernetes Grid Integrated Edition

Overview
Install and Configure Helm 3
Install and Configure Helm 2

Warning: VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) v1.8 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

Note: As of v1.8, Enterprise PKS has been renamed to VMware Tanzu Kubernetes Grid Integrated Edition. Some screenshots in this documentation do not yet reflect the change.

Page last updated:

This topic describes how to use the package manager Helm 3 or its predecessor Helm 2 for your Kubernetes apps running on VMware Tanzu Kubernetes Grid Integrated Edition.

Helm 3 requires less configuration than Helm 2.

Overview

Helm 3 and Helm 2 include the following components:

Component	Role	Location
`helm`	Client	Runs on your local workstation
`tiller` (Helm 2 only)	Server	Runs inside your Kubernetes cluster

Helm packages are called charts. For more information, see Charts in the Helm documentation.

Examples of charts:

Concourse for CI/CD pipelines
Datadog for monitoring
MySQL for storage

For more charts, see the Helm Charts repository on GitHub.

Install and Configure Helm 3

To install and configure Helm 3, follow the Step 1: Install And Configure Helm instructions in the Bitnami TKGI documentation.

Install and Configure Helm 2

To use Helm 2 with Tanzu Kubernetes Grid Integrated Edition, you must first configure the Tiller component to give it access to the Kubernetes API. Tiller runs inside the Kubernetes cluster.

To grant API access to Tiller and install Helm 2:

Create a role-based access control (RBAC) configuration file named rbac-config.yaml that contains the following:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

Create the service account and role by running the following command:
```
kubectl create -f rbac-config.yaml
```
Download and install the latest v2 patch release of the Helm CLI.
Deploy Helm 2 using the service account by running the following command:
```
helm init --service-account tiller
```
Verify that the permissions are configured by running the following command:
```
helm ls
```
There should be no output from the above command.

To apply more granular permissions to the Tiller service account, see the Helm RBAC documentation.

For more information about securing Helm 2, see the Bitnami article Exploring the Security of Helm.

Please send any feedback you have to pks-feedback@pivotal.io.

Create a pull request or raise an issue on the source for this page in GitHub