You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
helm init command by default, sets the spec.template.spec.serviceAccountName:"" in deployment config of tiller. So tiller would be deployed with default service account of namespace in which tiller is being installed. To run tiller with different service account, we have to take the output helm init --dry-run --debug and change the serviceAccountName field with the sa name that we want to run tiller with.
We encountered this while using helm with OpenShift, where default service account isn't privileged to run containers as root and we have a separate service account with those privileges. So we have to deploy tiller with non-default service account.
Do you guys think its a terrible idea to have a --serviceaccount switch that could override default behavior? Happy to raise PR if not. Please let me know.
Thanks! :)
The text was updated successfully, but these errors were encountered:
helm init
command by default, sets thespec.template.spec.serviceAccountName:""
in deployment config of tiller. So tiller would be deployed with default service account of namespace in which tiller is being installed. To run tiller with different service account, we have to take the outputhelm init --dry-run --debug
and change theserviceAccountName
field with the sa name that we want to run tiller with.We encountered this while using helm with OpenShift, where default service account isn't privileged to run containers as root and we have a separate service account with those privileges. So we have to deploy tiller with non-default service account.
Do you guys think its a terrible idea to have a
--serviceaccount
switch that could override default behavior? Happy to raise PR if not. Please let me know.Thanks! :)
The text was updated successfully, but these errors were encountered: