Previous Next

Setting up Helm

Helm, the package manager for Kubernetes, is a useful tool to install, upgrade and manage applications on a Kubernetes cluster. We will be using Helm to install and manage JupyterHub on our cluster.

Helm works by initializing itself both locally (on your computer) and remotely (on your kubernetes cluster). When you run helm commands, your local helm client sends instructions to the Tiller, which exists on your Kubernetes cluster, and is controlled by the server-side helm install.

Installation

The simplest way to install helm is to run Helm’s installer script at a terminal:

curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash

Alternative methods for helm installation exist if you prefer to install without using the script.

Initialization

After installing helm on your machine, initialize helm on your Kubernetes cluster. At a terminal for your local machine (or within an interactive cloud shell from your provider), enter:

1. Set up a ServiceAccount for use by Tiller, the server side component of helm.

   kubectl --namespace kube-system create serviceaccount tiller
   

   Azure AKS: If you’re on Azure AKS, you should now skip directly to step 3.**

2. Give the ServiceAccount RBAC full permissions to manage the cluster.

   While most clusters have RBAC enabled and you need this line, you must skip this step if your kubernetes cluster does not have RBAC enabled (for example, if you are using Azure AKS).

   kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
   

3. Set up Helm on the cluster.

   helm init --service-account tiller
   

This command only needs to run once per Kubernetes cluster.

Note

The local and remote version of helm must be the same in order to ensure they can talk to each other. If you wish to run helm commands from a new computer than the one used to run the commands above, you must re-initialize it by running the following modified version of the init command:

helm init --client-only --service-account tiller

This will initialize helm locally, according to the version that is running remotely on the cluster. Note that this requires kubectl to point to the correct kubernetes cluster. See the kubernetes context manager for more details.

Verify

You can verify that you have the correct version and that it installed properly by running:

helm version

It should provide output like:

Client: &version.Version{SemVer:"v2.8.1", GitCommit:"46d9ea82e2c925186e1fc620a8320ce1314cbb02", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.8.1", GitCommit:"46d9ea82e2c925186e1fc620a8320ce1314cbb02", GitTreeState:"clean"}

Make sure you have at least version 2.8.1!

If you receive an error that the Server is unreachable, do another helm version in 15-30 seconds, and it should display the Server version.

Secure Helm

Ensure that tiller is secure from access inside the cluster:

kubectl --namespace=kube-system patch deployment tiller-deploy --type=json --patch='[{"op": "add", "path": "/spec/template/spec/containers/0/command", "value": ["/tiller", "--listen=localhost:44134"]}]'

Next Step

Congratulations. Helm is now set up. The next step is to install JupyterHub!

Getting started with JupyterHub Setting up JupyterHub