deployments.extensions is forbidden error when running `helm init` command on Ubuntu 16.04

1
votes

I am trying to install Kubernetes Helm and Tiller for my Kubernetes cluster. Currently I installed Helm client by following command,

sudo snap install helm --classic

And now I am trying to run 'helm init' command to install Tiller in my cluster. I have my configuration file in .kube/config path. And I am running the helm init command. But When I am running this, I am getting the following error:

Updated Error

$HELM_HOME has been configured at /home/docker/.helm.
Error: error installing: deployments.extensions is forbidden: User "system:node:mildevkub020" cannot create resource "deployments" in API group "extensions" in the namespace "kube-system"

Do I need to change any cluster information in kubelet.conf? How I can resolve this error?

2
kuberneteskubernetes-helm
Which version of kubernetes are you running? You're using helm cli in your local machine or the kubernetes host?Esteban Garcia
I am using helm cli version 13.1 in my local machineJacob
Which version of kubernetes? Are you able to use kubectl?Esteban Garcia
When I am using kubectl also getting the same error. I checked with kubectl version commandJacob
Ok. The file ~/.kube/kubelet.conf most likely is your kubectl configuration that file should be ~/.kube/configEsteban Garcia

2 Answers

2
votes

You are getting this error because you have not initialized helm with a service account.

In rbac-config.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

Step 1: kubectl apply -f rbac-config.yaml

Step 2: helm init --service-account tiller --history-max 200

Step 3: Test the setup with heml ls. There would not be any output from running this command and that is expected. Now, you can run helm create myfirstchart

0
votes

Your Tiller Pod needs to run as a privileged service account, with cluter-admin ClusterRole. Please check here my answer to similar problem as yours.