Helm/Tiller/Chartmuseum are a set of services that provide the industry standard for packaging Kubernetes deployments.
For customer who need to package and deploy their applications the combination of Helm, Tiller and Chartmuseum provides a way to easily manage this. By using helm charts you can define, install and upgrade applications running on Kubernetes. Helm is the industry standard package manager, supported by the CNCF. There are many existing helm packages available to help install applications in your cluster.
Chart museum is an open source helm chart repository, where you can store your helm charts, for easy deployment from your pipelines or IaC systems.
Helm/Tiller/Chartmuseum is available as standard with nine Managed GKE.
You can use helm locally, or in your pipelines to deploy applications. For an introduction on how to use helm please see the application documentation linked below.
You will need to specify the tiller namespace, as nine places tiller outside
kube-system. You can either do this when you run helm
helm --tiller-namespace tiller
or you can export an env var
To allow tiller to deploy to a namespace of your choice you need to create a rolebinding which allows tiller to do so. With the following
kubectl command you allow tiller to deploy to the namespace
kubectl create rolebinding customer-tiller --clusterrole admin --serviceaccount tiller:customer-tiller -n example
This will not give tiller permissions to create resourcequotas in the namespace or change the namespace itself. If you want this you need to use the cluster role
kubectl create rolebinding customer-tiller --clusterrole cluster-admin --serviceaccount tiller:customer-tiller -n example
Because you will need to store your charts somewhere convenient for deployment, nine provides you with an instance of chart museum, an open source helm chart repository server. You can find the address and credentials to access Chartmuseum on runway. For more information about chart museum please see the documentation below.