Commit c36b00d3 authored by Corey O'Brien's avatar Corey O'Brien Committed by DJ Mountney

Add script for easy install without Tiller in the cluster

parent 54302158
#!/bin/bash -e
export HELM_HOST=localhost:44134
HELM_VERSION="$(helm version -c --short)"
# Split multiple paths and use the first one that exists
IFS=':' read -r -a CONFIG_FILES <<< "${KUBECONFIG:-$HOME/.kube/config}"
TILLER_KUBECONFIG="$(mktemp ${HOME}/.kube/config.XXXXXX)"
trap 'docker rm -f tiller >/dev/null 2>&1 || true; rm -f ${TILLER_KUBECONFIG}' EXIT
if [ -e ${CONFIG_FILE} ]; then
CURRENT_CONTEXT=$(kubectl config current-context)
CURRENT_USER=$(kubectl config view -o jsonpath="{.contexts[?( == \"$CURRENT_CONTEXT\")].context.user}")
CURRENT_CLUSTER=$(kubectl config view -o jsonpath="{.contexts[?( == \"$CURRENT_CONTEXT\")].context.cluster}")
CURRENT_SERVER=$(kubectl config view -o jsonpath="{.clusters[?( == \"$CURRENT_CLUSTER\")].cluster.server}")
ACCESS_TOKEN=$(kubectl config view -o jsonpath="{.users[?( == \"$CURRENT_USER\")].user.auth-provider.config.access-token}")
CA_DATA=$(kubectl config view -o go-template --template "{{range .clusters}}{{if eq .name \"$CURRENT_CLUSTER\"}}{{index .cluster \"certificate-authority-data\"}}{{end}}{{end}}" --raw)
if [ "${ACCESS_TOKEN}" != "" ]; then
# Refresh the token if needed for things like gcp
kubectl version >/dev/null
# Generate a simple config without an auth provider
kubectl config set-credentials "${CURRENT_CLUSTER}" --token="${ACCESS_TOKEN}" >/dev/null
CA_TMP="$(mktemp)"; echo "${CA_DATA}" | base64 --decode > ${CA_TMP}
kubectl config set-cluster "${CURRENT_CLUSTER}" --server="${CURRENT_SERVER}" --certificate-authority="$CA_TMP" --embed-certs >/dev/null
kubectl config set-context "${CURRENT_CONTEXT}" --cluster="${CURRENT_CLUSTER}" --user="${CURRENT_USER}" >/dev/null
kubectl config use-context "${CURRENT_CONTEXT}" >/dev/null
rm ${CA_TMP}
docker rm -f tiller >/dev/null 2>&1 || true
docker run \
--name tiller \
-d \
-p 44134:44134 \
-e TILLER_NAMESPACE=kube-system \
-v ${TILLER_KUBECONFIG}:/tmp/.kube/config \"${HELM_VERSION}" >/dev/null
helm version >/dev/null
helm $@
title: Add a script for running helm without tiller running in the cluster
merge_request: 281
author: Corey O'Brien
type: added
......@@ -9,6 +9,9 @@ to ensure you can access your cluster using `kubectl`.
Helm consists of two parts, `helm` client and `tiller` server inside Kubernetes.
* If you are not able to run tiller in your cluster for some reason, see the
[local tiller](#local-tiller) section.
# Getting Helm
You can get Helm from the project's [releases page](, or follow other options under the official documentation of [Installing Helm](
......@@ -117,3 +120,17 @@ Helm repository has some additional information on developing with helm in it's
## Local tiller
_This is not recommended_
If you are not able to run tiller in your cluster, this chart includes a script
that should allow you to use helm with running tiller in your cluster. The
script uses your personal Kubernetes credentials and configuration to apply
the chart. This method is not well supported, but should work.
To use the script, skip this entire section about initializing helm. Instead,
make sure you have Docker installed locally and run
`bin/localtiller-helm --client-only`. After that, you can substitute
`bin/localtiller-helm` anywhere these instructions direct you to run `helm`.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment