I have been trying to install Helm charts using Terraform in a cluster running on GKE.
My question is in two parts:
- Is it a good practice to use Terraform for installing Helm charts?
- I have been getting this error when Terraform tries to install a Helm chart:
helm_release.release_name: Get https://XX.XXX.XX.X/apis/extensions/v1beta1/namespaces/kube-system/deployments/tiller-deploy: dial tcp XX.XXX.XX.X:443: connect: connection refused
Here is how I am configuring the Helm chart:
# Kubernetes provider: points Terraform at the cluster API server given by
# var.cluster-host.
#
# NOTE(review): both a static username/password pair and a client certificate
# are supplied here. GKE treats both as legacy authentication methods; confirm
# which one the cluster actually accepts and drop the other.
# All of these values are cluster credentials: supply them from a secret source
# rather than from a committed tfvars file.
provider "kubernetes" {
  host = "${var.cluster-host}"

  # The three certificate variables are base64-decoded before use, so they are
  # expected to arrive base64-encoded.
  cluster_ca_certificate = "${base64decode(var.cluster-ca-certificate)}"
  client_certificate     = "${base64decode(var.cluster-client-cert)}"
  client_key             = "${base64decode(var.cluster-client-key)}"

  # Static basic-auth credentials for the API server.
  username = "${var.cluster-username}"
  password = "${var.cluster-password}"
}
# Service account named "tiller" in kube-system. The helm provider block in this
# configuration refers to it by name through service_account = "tiller".
resource "kubernetes_service_account" "tiller" {
  metadata {
    namespace = "kube-system"
    name      = "tiller"
  }
}
# Binds the built-in cluster-admin ClusterRole to the tiller service account in
# kube-system, cluster-wide.
#
# NOTE(review): this gives Tiller unrestricted rights over every namespace, so
# anything able to drive Tiller acts with cluster-admin. If the charts only need
# specific namespaces, prefer a Role/RoleBinding scoped to those namespaces.
resource "kubernetes_cluster_role_binding" "tiller" {
  metadata {
    name = "tiller"
  }

  # api_group has to be empty because of a bug:
  # https://github.com/terraform-providers/terraform-provider-kubernetes/issues/204
  subject {
    kind      = "ServiceAccount"
    name      = "tiller"
    namespace = "kube-system"
    api_group = ""
  }

  # The role being granted: full cluster administration.
  role_ref {
    kind      = "ClusterRole"
    name      = "cluster-admin"
    api_group = "rbac.authorization.k8s.io"
  }
}
# Helm provider (Helm 2 style): asks the provider to install Tiller into
# kube-system, running under the "tiller" service account.
#
# NOTE(review): Tiller does not authenticate its callers by default. Combined
# with a cluster-admin service account, that makes the Tiller endpoint a
# high-value target inside the cluster. Enable TLS between the Helm client and
# Tiller and restrict network access to it, or move to Helm 3, which has no
# Tiller component.
provider "helm" {
  namespace       = "kube-system"
  service_account = "tiller"
  install_tiller  = true

  # Cluster connection settings; these repeat the values given to the
  # kubernetes provider, so the same credential-handling caveats apply.
  kubernetes {
    host = "${var.cluster-host}"

    cluster_ca_certificate = "${base64decode(var.cluster-ca-certificate)}"
    client_certificate     = "${base64decode(var.cluster-client-cert)}"
    client_key             = "${base64decode(var.cluster-client-key)}"

    username = "${var.cluster-username}"
    password = "${var.cluster-password}"
  }
}