How do I tell helm to create internal secrets in namespace

0
votes

When trying to run helm install to deploy an application to a private K8S cluster, I get the following error:

helm install myapp ./myapp
Error: create: failed to create: secrets is forbidden: User "u-user1" 
cannot create resource "secrets" in API group "" in the namespace "default"
exit status 1

I know that this is happening because helm creates secrets behind the scene to hold information that it needs for managing the deployment. See Handling Secrets:

As of Helm v3, the release definition is stored as a Kubernetes Secret resource by default, as opposed to a ConfigMap.

The problem is that helm is trying to create the secrets in the default namespace, and I'm working in a private cloud and not allowed to create resources in the default namespace.

How can I tell helm to use a namespace when creating the internal secrets that it needs to use?

Searching for a solution

A search on the helm site found:

In Helm 3, information about a particular release is now stored in the same namespace as the release itself

But I've set the deployment to be in the desired namespace. My myapp/templates/deployment.yaml file has:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: myapp-namespace

So I'm not sure how to tell helm to create it's internal secrets in this myapp-namespace.

Other Searches

Update 1)

When searching for a solution I tried adding the --namespace myapp-namespace argument to the helm install command (see below).

helm install --namespace myapp-namespace myapp ./myapp
Error: create: failed to create: secrets is forbidden: User "u-user1" 
cannot create resource "secrets" in API group "" in the namespace "myapp-namespace"
exit status 1

Notice that the namespace is now myapp-namespace, so I believe that helm is now creating the internal secrets in my desired namespace, so I think this answers my original question.

I think I now have a permissions issue that I need to ask the K8S admins to address.

1
kubernetes-helm
I believe this is a permissions issue at this moment. - PatS

1 Answers

0
votes

You must use the --namespace option in order to tell helm install what namespace you are using. The syntax you specified is correct.

helm install --namespace myapp-namespace myapp ./myapp

You could also put --namespace at the end of the command as below:

helm install myapp ./myapp --namespace myapp-namespace

With this syntax, helm will create the internal secrets in the namespace you've specified.

Doing this will prevent the default namespace from being polluted.

The following command is then needed to see the install.

helm list --namespace myapp-namespace
helm list --all-namespaces