LATEST VERSION: v1.1 - RELEASE NOTES
Pivotal Container Service v1.1

Configure Tiller

Tiller runs inside the Kubernetes cluster and requires access to the Kubernetes API. If you use role-based access control (RBAC) in PKS, perform the steps in this section to grant Tiller permission to access the API.

  1. Create a service account for Tiller and bind it to the cluster-admin role by adding the following section to rbac-config.yaml:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: tiller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tiller
        namespace: kube-system
    
  2. Apply the service account and role by running the following command:

    $ kubectl create -f rbac-config.yaml
    

  3. Download and install the Helm CLI.

  4. Deploy Helm using the service account by running the following command:

    $ helm init --service-account tiller
    

  5. Run helm ls to verify that the permissions are configured.

To apply more granular permissions to the Tiller service account, see the Helm RBAC documentation.


Please send any feedback you have to pks-feedback@pivotal.io.

Create a pull request or raise an issue on the source for this page in GitHub