Install Helm

Installing software into an existing Kubernetes cluster is trivial with Helm. You can think of Helm as a package manager for Kubernetes. The packages Helm installs are called Charts and we'll be using the Grey Matter Helm Chart in this tutorial. But before we can do that, we first need to get Helm installed locally. The following command downloads the Helm binary and places it in /usr/local/bin/helm. Since our ${PATH} environment variable includes /usr/local/bin we can invoke Helm by simply typing helm for the rest of this tutorial.

curl -sSL https://get.helm.sh/helm-v2.14.1-linux-amd64.tar.gz | tar -xz --strip-components=1 --directory=/usr/local/bin

Install Tiller

With Helm installed locally we need to install the server side component, Tiller. In reality, it is Tiller that deploys the Kubernetes resources on behalf of Helm. Fortunately, Helm is perfectly capable of installing Tiller for us with the following command.

helm init --tiller-namespace kube-system --service-account default --host 127.0.0.1:8443

The above command installs Tiller within the kube-system Kubernetes namespace using the default service account. For the purposes of this tutorial this will suffice but before using Tiller in a production environment you should be aware of the security implications and best practices.

Add Grey Matter Helm Chart

In order to install the Grey Matter Helm Chart we need to make Helm aware of the repository that contains the chart. However, the repository is private so you'll need credentials. If you don't have credentials open a support ticket at https://support.deciphernow.com and we can get you squared away. If you have credentials already, we will go ahead and set them as environment variables to simplify the remaining steps in this tutorial. We've written a little script to make this easier but before we source it you should be sure you know what it does as you'll be giving it your credentials. Go ahead and confirm that you understand what it does before sourcing it.

cat ~/credentials

As we said, we will gather your credentials and set them as environment variables. Let's go ahead and source the script (note that we must source it for it to effect the current shell).

source ~/credentials

This method of installation will not currently work as we can not modify the files on the nexus repo

With your credentials set as environment variables we can add the repository to Helm with the following command:

helm repo add decipher https://nexus.production.deciphernow.com/repository/helm-hosted --username ${USERNAME} --password ${PASSWORD}

For testing purposes, clone the repo from GitHub! git clone https://github.com/DecipherNow/helm-charts

Bind the Tiller Service Account to the Cluster-Admin Role

We need to tell our cluster that Tiller is a service account that needs administrative permissions to deploy Grey Matter into our cluster. We can do this by explicitly naming Tiller as a service account and binding it to the relevant cluster role.

kubectl create serviceaccount tiller --namespace kube-system

Next we need to define how Tiller will be bound to this role. We'll do this by creating a tiller-clusterrolebinding.yaml file with the following contents:

vi /root/tiller-clusterrolebinding.yaml

Paste the following snippet into this file:

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-clusterrolebinding
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: ""

The last thing we need to do to configure our cluster for installation is deploy the cluster role binding file. kubectl create -f /root/tiller-clusterrolebinding.yaml

We need to refresh our Tiller initialization: helm init --service-account tiller --upgrade

Decreasing the Grey Matter Installation Resource Limits

This step is not necessary in an actual environment, but in order to install Grey Matter in the Katacoda environment, we need to decrease the amount resources that each of the services request and remove non-essential services.

The following script overwrites all of the services' values.yaml files, reducing their resource requests, and replaces the greymatter/requirements.yaml file with one that redirects all the repository paths to our local, lightweight installation that we cloned from GitHub. We'll also reconfigure (read "delete") some of the services' PersistentVolumeClaims.

Feel free to read the script and referenced files before executing it:

cat /root/gm-config/reduce-gm.sh

bash /root/gm-config/reduce-gm.sh

Define a custom.yaml file and Install Grey Matter

We need to pass several credentials and certifications to Tiller to complete the installation.

You can either run this script which will prompt you for your relevant credentials and fill out the custom-prompt.yaml file automatically, or you can manually edit this custom.yaml configuration file which we'll pass into the installation command:

Select one of these options to define our custom configuration file

1. If you want just want to plug in your credentials: bash prompt

2. If you want to fill it out yourself: vi custom.yaml

Now we can install Grey Matter into our cluster.

Select the installation command associated with your custom.yaml file

1. helm install --name gm-my-cluster --tiller-namespace kube-system --debug -f /root/custom-prompt.yaml helm-charts/greymatter

2. helm install --name gm-my-cluster --tiller-namespace kube-system --debug -f /root/custom.yaml helm-charts/greymatter

//TODO figure out the routing to make this work:

Checkout the Grey Matter dashboard at

https://[[HOST_SUBDOMAIN]]-8443-[[KATACODA_HOST]].environments.katacoda.com/