The Kubernetes Package Manager : Helm

The Kubernetes Package Manager : Helm

Helm is a management tool of Kubernetes Chart, which is a pre-configured Kubernetes resource package. The following are the advantages of using Helm:

  • Query and use popular Kubernetes Chart software package.
  • Share user’s application with Kubernetes Chart.
  • Use Chart to repeatedly establish application.
  • Manage intelligently Kubernetes manifest files.
  • Manage released Helm version.


Helm contains three concepts to understand: Chart, Release, and Repository respectively as follows:

  • Chart: Mainly define he required tool, resource, and service of the executed applications. Similar to Homebrew Formula or APT dpkg.
  • Release: A Chart instance of Kubernetes. Chart can have multiple Release inside the cluster, such as MySQL chart. It can establish two database instances based on that particular chart within the cluster. Each Release has an independent name.
  • Repository: provide a space to store chart, such as KubeApps.

It is understandable that the purpose of using Helm is to find the required application chart from Chart Repository, and then use Release to deploy to Kubernetes for management.

Helm Components:

Helm has two major components: Helm Client and Tiller Server as follows:

  • Helm Client: a machine that installs Helm CLI. It uses gRPC to connect Tiller Server to manage and operate Repository, Chart, and Release, such as install, delete, or upgrade. For more information, please refer to Helm Documentation
  • Tiller Server: mainly responsible for receiving command from Client, and communicating with Kubernetes cluster via Kube-apiserver to generate and manage Kubernetes deployment files (or Release) of all corresponding API objects.

The communication architecture is shown below:


Make sure it meets the following requirements before installation:

  • Kubernetes Cluster installed
  • Kuubectl installed locally
  • Using local Kubectl tool to manage Kubernetes (usable Kubectl config)

Install Helm

There are many ways to install Helm. The following demonstration shows how to use binary file for installation:

$ wget -qO- | tar -zxf $ sudo mv linux-amd64/helm /usr/local/bin/ $ helm version

OS X 為下載 helm-v2.4.1-darwin-amd64.tar.gz

Initialize Helm

Prior to using Helm, you need to establish Tiller Server to manage Kubernetes. Helm CLI also provides a built-in initializing command as follows:

$ helm init $HELM_HOME has been configured at /root/.helm. Tiller (the helm server side component) has been installed into your Kubernetes Cluster. Happy Helming!

If you want to upgrade, you may use the following command:

helm init –upgrade

Use kubectl to check if Tiller Server is established or not:

$ kubectl get po,svc -n kube-system -l app=helm NAME READY STATUS RESTARTS AGE po/tiller-deploy-1651596238-5lsdw 1/1 Running 0 3m NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE svc/tiller-deploy <none> 44134/TCP 3m

Then use helm ctl to check information:

$ export KUBECONFIG=/etc/kubernetes/admin.conf $ export HELM_HOST=$(kubectl describe svc/tiller-deploy -n kube-system | awk '/Endpoints/{print $2}') $ helm version Client: &version.Version{SemVer:"v2.4.2", GitCommit:"82d8e9498d96535cc6787a6a9194a76161d29b4c", GitTreeState:"clean"} Server: &version.Version{SemVer:"v2.4.2", GitCommit:"82d8e9498d96535cc6787a6a9194a76161d29b4c", GitTreeState:"clean"}

Deploy Chart Release instance

After finishing initialization, you may use helm ctl to manage and deploy Chart Release. Firstly, go to Kubernetes and find the Chart you want to deploy. Take the following command as an example, and then use search command to check current application version:

$ helm search jenkins NAME VERSION DESCRIPTION stable/jenkins 0.6.3 Open source continuous integration server. It s...

Then use inspect command to check the parameter information of that Chart:

$ helm inspect stable/jenkins ... Persistence: Enabled: true

You will discover that you need to create a PVC to provide persistent storage; therefore, it is required to create a PVC to provide Jenkins Chart for storage. The following lines illustrate how to create jenkins-pv-pvc.yml file manually:

apiVersion: v1 kind: PersistentVolume metadata: name: jenkins-pv labels: app: jenkins spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle nfs: path: /var/nfs/jenkins server: --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jenkins-pvc labels: app: jenkins spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi

Then use kubectl to create:

$ kubectl create -f jenkins-pv-pvc.yml persistentvolumeclaim "jenkins-pvc" created persistentvolume "jenkins-pv" created $ kubectl get pv,pvc NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE pv/jenkins-pv 10Gi RWO Recycle Bound default/jenkins-pvc 20s NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE pvc/jenkins-pvc Bound jenkins-pv 10Gi RWO 20s

After finishing PVC creation, you may use Helm to create Jenkins Release:

$ export PVC_NAME=$(kubectl get pvc -l app=jenkins --output=template --template="{{with index .items 0}}{{}}{{end}}") $ helm install --name demo --set Persistence.ExistingClaim=${PVC_NAME} stable/jenkins NAME: demo LAST DEPLOYED: Thu May 25 17:53:50 2017 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1beta1/Deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE demo-jenkins 1 1 1 0 1s ==> v1/Secret NAME TYPE DATA AGE demo-jenkins Opaque 2 1s ==> v1/ConfigMap NAME DATA AGE demo-jenkins-tests 1 1s demo-jenkins 3 1s ==> v1/Service NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE demo-jenkins <pending> 8080:30152/TCP,50000:31806/TCP 1s ...

P.S.: install command can be used to install Chart repository, compressed Chart, a Chart directory, and Chart URL.

There are two methods to override parameters by using install command. Before that, you may use helm inspect values <chart> to obtain variables.

  • values : specify a YAML file to override settings

$ echo -e ‘Master:\n AdminPassword: r00tme’ > config.yaml

$ helm install -f config.yaml stable/jenkins

> * **--sets**:指定一對 Key/value 指令來覆寫。 > ```sh $ helm install --set Master.AdminPassword=r00tme stable/jenkins

After finishing the above steps, you may use helm and kubectl to check installation status:

$ helm ls NAME REVISION UPDATED STATUS CHART NAMESPACE demo 1 Thu May 25 17:53:50 2017 DEPLOYED jenkins-0.6.3 default $ kubectl get po,svc NAME READY STATUS RESTARTS AGE po/demo-jenkins-3139496662-c0lzk 1/1 Running 0 1m NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE svc/demo-jenkins <pending> 8080:30152/TCP,50000:31806/TCP 1m

By default, it uses only LoadBalancerSourceRanges to define access strategy, but it does not specify any external IP. As a result, it is required to manually add the following content:

$ kubectl edit svc demo-jenkins spec: externalIPs: -

Then check the Service information again:

$ kubectl get svc NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE demo-jenkins , 8080:30152/TCP,50000:31806/TCP 10m

Now you may use to connect Jenkins. Its default account is  admin。Use the following command to obtain Jenkins admin password:

$ printf $(kubectl get secret --namespace default demo-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo buQ1ik2Q7x

The Chart will generate random password and save it to secrets.

Then you can use upgrade command to upgrade released Chart:

$ helm upgrade --set Master.AdminPassword=r00tme --set Persistence.ExistingClaim=jenkins-pvc demo stable/jenkins Release "demo" has been upgraded. Happy Helming! $ helm get values demo Master: AdminPassword: r00tme Persistence: ExistingClaim: jenkins-pvc $ helm ls NAME REVISION UPDATED STATUS CHART NAMESPACE demo 2 Tue May 30 21:18:43 2017 DEPLOYED jenkins-0.6.3 default

Here you will notice that REVISION will be added one. This will be used as rollback version.

Delete Release

Other than the fundamental create feature, Helm includes the life cycle management features of the entire Release. If you do not need Release, you may delete it by the following command:

$ helm del demo $ helm status demo | grep STATUS STATUS: DELETED

When it is deleted, that Release is not really deleted. You may use helm ls to check deleted Release:

$ helm ls --all NAME REVISION UPDATED STATUS CHART NAMESPACE demo 2 Tue May 30 21:18:43 2017 DELETED jenkins-0.6.3 default

When –all parameter is added after helm ls, it simply lists deployed Release. While release is on the DELETED status, you can do some operations, such as Roll back or completely delete Release.

$ helm rollback demo 1 Rollback was a success! Happy Helming! $ printf $(kubectl get secret --namespace default demo-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo BIsLlQTN9l $ helm del demo --purge release "demo" deleted # 這時執行以下指令就不會再看到已刪除的 Release. $ helm ls --all

Create a simply Chart architecture

Helm provides a create command to create a Chart:

$ helm create example $ tree example/ example/ ├── charts ├── Chart.yaml ├── templates │&nbsp;&nbsp; ├── deployment.yaml │&nbsp;&nbsp; ├── _helpers.tpl │&nbsp;&nbsp; ├── ingress.yaml │&nbsp;&nbsp; ├── NOTES.txt │&nbsp;&nbsp; └── service.yaml └── values.yaml

After Chart configured, you may use helm command to package:

$ helm package example/ example-0.1.0.tgz

Finally, use helm to install:

$ helm install ./example-0.1.0.tgz

Create Repository

Helm command can be used to create Chart. It also provides a feature of Helm Repository. The command below shows how to create:

$ helm serve --repo-path example-0.1.0.tgz $ helm repo add example http://repo-url

In addition, helm repo can be added to Github and HTTP server address to provide services.


Select list(s)*