Helm on GKE cluster — quick hands-on guide
This quick guide helps with some practicalities on getting helm running on Google Kubernetes Engine (GKE) cluster. This article assumes that the reader:
- Has prior knowledge about helm, kubernetes and gke.
- Has a local installation of
kubectl
andhelm
also a GKE cluster with atleast 3 nodes (including master node). - This was tested with the following versions:
Create service account for helm
First create a service account and attach cluster-admin role to it. This enables the tiler pod to communicate with the kubernetes api. There are reasons why you should do this[1]. This can be done with kubectl apply -f <file>
Elevate privileges for creating ClusterRoleBindings (if necessary)
Skip this section if the above command was successful. Sometimes, you will end up with forbidden errors in GKE. A simpler way to solve this is by executing the ClusterRoleBinding as privileged user.
- Obtain your admin password with
gcloud describe
- Use those credentials and create the service account and cluster role binding of the previous section. One way would be to modify your
$HOME/.kube/config
to add a new user entry and provide it to your context and then revert back after initialisinghelm
.
- Revert back if you happen to elevate privileges, you do not need it anymore.
Initialise helm
Now run helm init
passing the service account.
Verify helm
To start with, there should be at least a deployment and a service with name tiller-deploy
in kube-system
namespace.
Create a samplechart
and install it with name helm-test
. This is going to install a simple nginx pod. Set the service type as LoadBalancer
.
There you go!
Common errors
References
- Why helm needs a service account — http://jayunit100.blogspot.fi/2017/07/helm-on.html
- More about helm — https://docs.helm.sh/
- Kubernetes docs — http://kubernetes.io/
- Google kubernetes Engine (GKE) — https://console.cloud.google.com/kubernetes/