Skip to content

Instantly share code, notes, and snippets.

@mgoodness

mgoodness/helm-rbac.md

Last active October 30, 2021 17:04
  • Star 69 You must be signed in to star a gist
  • Fork 14 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Helm RBAC setup for K8s v1.6+ (tested on minikube)
Raw
helm-rbac.md 
kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
@tmc
Copy link

tmc commented Nov 1, 2017

A discussion of the security implications here would be useful.

@julianxhokaxhiu
Copy link

Tested on 1.8.3. Works too! Thanks man

@yuvipanda
Copy link

@tmc I think with this, anyone who has enough access to talk to tiller (which requires you be able to use the k8s API to port forward or exec I think) has root on the cluster.

Copy link

ghost commented Dec 6, 2017

Thanks. had been stuck for hours...

@jengo
Copy link

jengo commented Jan 18, 2018

Awesome thanks!

@ChinaShrimp
Copy link

Thanks a lot, it saves me a lot of hours....

@erika-dike
Copy link

Thanks a lot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment