Add Grey Matter Helm Chart
In order to install the Grey Matter Helm Chart we need to make Helm aware of the repository that contains the chart. However, the repository is private so you'll need credentials. If you don't have credentials open a support ticket at https://support.deciphernow.com and we can get you squared away. If you have credentials already, we will go ahead and set them as environment variables to simplify the remaining steps in this tutorial. We've written a little script to make this easier but before we source it you should be sure you know what it does as you'll be giving it your credentials. Go ahead and confirm that you understand what it does before sourcing it.
cat ~/credentials
As we said, we will gather your credentials and set them as environment variables. Let's go ahead and source the script (note that we must source it for it to effect the current shell).
source ~/credentials
This method of installation will not currently work as we can not modify the files on the nexus repo
With your credentials set as environment variables we can add the repository to Helm with the following command:
helm repo add decipher https://nexus.production.deciphernow.com/repository/helm-hosted --username ${USERNAME} --password ${PASSWORD}
For testing purposes, clone the repo from GitHub!
git clone https://github.com/DecipherNow/helm-charts
Bind the Tiller Service Account to the Cluster-Admin Role
We need to tell our cluster that Tiller is a service account that needs administrative permissions to deploy Grey Matter into our cluster. We can do this by explicitly naming Tiller as a service account and binding it to the relevant cluster role.
kubectl create serviceaccount tiller --namespace kube-system
Next we need to define how Tiller will be bound to this role. We'll do this by creating a tiller-clusterrolebinding.yaml
file with the following contents:
vi /root/tiller-clusterrolebinding.yaml
Paste the following snippet into this file:
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: tiller-clusterrolebinding
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: ""
The last thing we need to do to configure our cluster for installation is deploy the cluster role binding file.
kubectl create -f /root/tiller-clusterrolebinding.yaml
We need to refresh our Tiller initialization:
helm init --service-account tiller --upgrade