Helm Tiller on Minishift - ocd-scm/ocd-meta GitHub Wiki

The most common problem with running Minishift is clashes with older installations of virtual machine software or virtualisation drivers. As Minishift can run on three different operating systems using more than one virtualization technology on each so I am unlikely to be able to help you debug. Please use stackoverflow and the minishift docs and community if you run into problems. Here are some hints about how I get it up and running on macOS:

# i used homebrew
brew cask install minishift
# here i am using virtual box that needs to be installed and am running v3.11 of OKD to match openshift.com
minishift start --vm-driver virtualbox \
  --cpus 2 \
  --memory 8GB \
  --disk-size 100GB \
  --profile helm214 \
  --openshift-version v3.11.0
eval $(minishift oc-env)

You will also need helm and helmfile I installed them on macOS using brew:

# we need the oc commandline tool to do work
brew install openshift-cli
# helm is needed install tiller and work with it
brew install kubernetes-helm
# helmfile is for using helm in a declarative manner
brew install helmfile

If anyone would like to contribute steps for another OS then please raise an issue and include the text.

Once you have minishift up you can install Tiller with the steps below.

# surprise! there is no true superuser by default you have to apply it as an add-on. 
minishift addon apply admin-user
# note as the superuse to install tiller into its own namespace
oc login -u admin -p admin
# important! OCD demo scripts expect to `export TILLER_NAMESPACE=tiller-namespace` matches this project:
oc new-project tiller-namespace
# create a system account for tiller
oc create sa tiller
# in a real cluster I wouldn't grant Tiller cluster admin I would grant it edit on specific projects
oc adm policy add-cluster-role-to-user cluster-admin -z tiller
# the default developer user must be able to "see" teller from outside of minishift
oc policy add-role-to-user view developer -n tiller-namespace
oc create role podreader --verb=get,list,watch --resource=pod -n tiller-namespace
oc adm policy add-role-to-user podreader developer --role-namespace=tiller-namespace -n tiller-namespace
# our regular developer user must be able to communicate with tiller from outside of minishift
oc create role portforward --verb=create,get,list,watch --resource=pods/portforward -n tiller-namespace
oc adm policy add-role-to-user portforward developer --role-namespace=tiller-namespace -n tiller-namespace
# our regular develpoer should see that the roles are installed when running the wizard to not get warnings
oc create role rolereader --verb=get,list,watch --resource=roles -n tiller-namespace
oc adm policy add-role-to-user rolereader developer --role-namespace=tiller-namespace -n tiller-namespace
# install tiller
helm init --service-account tiller --tiller-namespace tiller-namespace
# Note: you will need to export this env var in every shell you wish to use 'helm list' etc
export TILLER_NAMESPACE=tiller-namespace

Note that we installed tiller using the super admin login that isn't set up by default. On a real openshift cluster you would only grant Tiller edit or admin writes to specific openshift projects. The Openshift Online Pro version of these instructions show how to set up and run OCD on a multitenant cluster without cluster admin rights.