Specify serviceaccount while deploying tiller with helm init

[spk83]

helm init command by default, sets the spec.template.spec.serviceAccountName:"" in deployment config of tiller. So tiller would be deployed with default service account of namespace in which tiller is being installed. To run tiller with different service account, we have to take the output helm init --dry-run --debug and change the serviceAccountName field with the sa name that we want to run tiller with.

We encountered this while using helm with OpenShift, where default service account isn't privileged to run containers as root and we have a separate service account with those privileges. So we have to deploy tiller with non-default service account.

Do you guys think its a terrible idea to have a --serviceaccount switch that could override default behavior? Happy to raise PR if not. Please let me know.

Thanks! :)

[seh]

Also pertinent: #2181 and #2224. The former shows a hack to work around the problem; the latter specifies a proper solution.

[spk83]

Thanks @seh. I'll wait for 2.3.2 👍

[michelleN]

I'm going to close this since it's a duplicate of #2224. Thank you @spk83