问题
Is helm broken, I keep getting:
Error: configmaps is forbidden: User "system:serviceaccount:kube-system:tiller" cannot list resource "configmaps" in API group "" in the namespace "kube-system"
when helm ls
回答1:
helm is probably fine.
You need to have correct serveice-account and role binding. Refer https://github.com/helm/helm/blob/master/docs/rbac.md#tiller-and-role-based-access-control for common scenario examples.
回答2:
The link shared on above answer are No more valid and throws a 404 error. For completeness and users looking for solution sharing the fix steps below
If below ERROR is reported on helm :
$ helm list
Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "configmaps" in API group "" in the namespace "kube-system"
SOLUTION: Use below commands to create serviceaccount and clusterrolebinding and patch the tiller-deployment to user service account.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
来源:https://stackoverflow.com/questions/55457589/helm-ls-error-configmaps-is-forbidden-user-systemserviceaccountkube-system