K
Q

Helm ls: Error: configmaps is forbidden: User "system:serviceaccount:kube-system:tiller"

4/1/2019

Is helm broken, I keep getting:

Error: configmaps is forbidden: User "system:serviceaccount:kube-system:tiller" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

when helm ls

-- Chris G.
kubernetes-helm

Similar Questions

imagePullSecrets not working when using k3s
How to add flag to kubelet
Istio direct Pod to Pod communication
Adding IAM Group to aws-auth configmap in AWS EKS

2 Answers

4/1/2019

helm is probably fine.

You need to have correct serveice-account and role binding. Refer https://github.com/helm/helm/blob/master/docs/rbac.md#tiller-and-role-based-access-control for common scenario examples.

-- Amrit Bera
Source: StackOverflow
1/16/2020

The link shared on above answer are No more valid and throws a 404 error. For completeness and users looking for solution sharing the fix steps below

If below ERROR is reported on helm :

$ helm list
Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

SOLUTION: Use below commands to create serviceaccount and clusterrolebinding and patch the tiller-deployment to user service account.

kubectl create serviceaccount --namespace kube-system tiller

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
-- DT.
Source: StackOverflow