Helm in a non default namespace

readme.md

Helm in another namespace

Prerequisites

• rbac-manager >= 0.5.0

1. Create namespace, service account, role definitions.

kubectl apply -f HelmPrivs.yml

2. Deploy helm using service account.

helm init --tiller-namespace helm-system --service-account tiller --upgrade --history-max 10 

3. Set TILLER_NAMESPACE

export TILLER_NAMESPACE=helm-system

HelmPrivs.yml

apiVersion: v1
kind: Namespace
metadata:
  name: helm-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: helm-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tiller-global
rules:
  - apiGroups:
    - rbac.authorization.k8s.io
    resources:
    - clusterroles
    verbs: ["*"]
---
apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
metadata:
  name: tiller-rbac-definition
  namespace: helm-system
rbacBindings:
  - name: tiller-managed
    subjects:
      - kind: ServiceAccount
        name: tiller
        namespace: helm-system
    clusterRoleBindings:
      - clusterRole: tiller-global
      - clusterRole: system:aggregate-to-view
    roleBindings:
      - clusterRole: cluster-admin
        namespaceSelector:
          matchLabels:
            tiller-managed: youbetcha
      - clusterRole: cluster-admin
        namespace: helm-system