LATEST VERSION: v1.1 - RELEASE NOTES
Pivotal Container Service v1.0

Configure Tiller

Tiller runs inside the Kubernetes cluster and requires access to the Kubernetes API. If you use role-based access control (RBAC) in PKS, perform the steps in this section to grant Tiller permission to access the API.

  1. Create a service account for Tiller and bind it to the cluster-admin role by adding the following section to rbac-config.yaml:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: tiller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tiller
        namespace: kube-system
    
  2. Apply the service account and role by running the following command:

    $ kubectl create -f rbac-config.yaml
    

  3. Download and install the Helm CLI.

  4. Deploy Helm using the service account by running the following command:

    $ helm init --service-account tiller
    

  5. Run helm ls to verify that the permissions are configured.

To apply more granular permissions to the Tiller service account, see Role-based Access Control in the Helm documentation.


Please send any feedback you have to pks-feedback@pivotal.io.

Create a pull request or raise an issue on the source for this page in GitHub