OpenShift integration

[odzhu]

Hi OpenShift team,

trying to use helm with OpenShift...

I understand that currently Helm doesn't support lots of custom OpenShift resources,
however, I try pure k8s template I'm getting an example:

helm install --tiller-namespace myproject stable/mysql --name test --kube-context myproject/192-168-64-6:8443/system:admin Error: release test failed: User "system:serviceaccount:myproject:default" cannot get namespaces in project "myproject"

Any workarounds here or it's completely on Open Shift policies side ?
Please advise.

[bacongobbler]

ping @smarterclayton, @marun and @jstrachan as I believe they're working on openshift. Please correct me if I'm wrong. :)

[smarterclayton]

This is RBAC - you'd need to grant the "default" service account in namespace "myproject" the permissions that helm needs to create resources. In this case, the "edit" role is probably sufficient (unless your helm templates are setting RBAC rules, in which case project "admin" is needed).

$ oc policy add-role-to-user edit -z default -n myproject

grants service account default the edit role in project myproject. I assume you're only trying to run helm in one namespace?

[odzhu]

@smarterclayton, it worked for me, thank you!

grants service account default the edit role in project myproject. I assume you're only trying to run helm in one namespace?

Actually I tried the below:

• placing tiller and releases in same namespace
• placing tiler and releases in different namespaces

Both worked great with your help.