Comments (11)
rimusz
commented on July 30, 2024
1
I will open a PR to add that to docs
from helm-tiller.
rimusz
commented on July 30, 2024
1
Closing this issue as I created the PR GoogleCloudPlatform/cloud-builders-community#111
from helm-tiller.
rimusz
commented on July 30, 2024
ah, Google Cloud Build one example supports no RBAC only, as I got some those errors there too, need to find out why
from helm-tiller.
rimusz
commented on July 30, 2024
the only way I found for now, is to create and use service account which has cluster-admin role there
from helm-tiller.
smeeklai
commented on July 30, 2024
Thank you, can you please tell me how can I make the plugin to use a service account with cluster-admin role?
from helm-tiller.
rimusz
commented on July 30, 2024
it is not the plugin itself, you need to put the service account to GCS bucket and part of cloud build step download it (of course it is better to encrypt it with KMS first), then add to helm.bash:
gcloud auth activate-service-account --key-file /gcloud-service-key.json
from helm-tiller.
rimusz
commented on July 30, 2024
I need to find a time to update the helm there to support service account
from helm-tiller.
smeeklai
commented on July 30, 2024
Oh, thank you very much for guidance. Simple but effective 👍
from helm-tiller.
rimusz
commented on July 30, 2024
try for this user to add user=&{XXXXXXXXXX@XXXXXX RBAC role:
kubectl create clusterrolebinding cluster-admin-XXXXXXXXXX-XXXXXX \
--clusterrole cluster-admin --user XXXXXXXXXX@XXXXXX
Of course replace xxx with the real user from the your logs :)
Such trick did work for me.
from helm-tiller.
rimusz
commented on July 30, 2024
ok, I dug deeper:
gcloud iam service-accounts describe [email protected]
it will describe the service account of the cloud-builder and the uniqueId: is your user you need for RBAC role.
So I made a simple shell script to create RBAC cluster-admin users:
#!/bin/bash -e
if [[ -n "$1" ]]; then
if [[ "$1" = *"cloudbuild.gserviceaccount"* ]]; then
user=$(gcloud iam service-accounts describe $1 | grep -o 'uniqueId.*' | awk -v FS="('|')" '{print $2}')
else
user="${1//./-}"
user="${user//@/-}"
fi
echo "Setting user: $user"
kubectl create clusterrolebinding cluster-admin-$user --clusterrole cluster-admin --user $user
else
echo "No user is provided !!!"
fi
from helm-tiller.
smeeklai
commented on July 30, 2024
Thank you very much 😊. I've not tried it yet but definitely will try it out tomorrow
from helm-tiller.
Related Issues (20)
- Add option to output tiller logs to stderr HOT 4
- helm_env HOT 2
- [ Issue ] Installing the config in anything other than kube-system doesn't save release HOT 9
- Version mismatch between release tag and plugin.yaml HOT 2
- [Question] Do I still need the tiller service account? HOT 7
- Create namespace ONLY if doing an `update --install` or `install`
- Tiller credentials persisted across "helm tiller start" sessions
- Benefit of stoping helm tiller HOT 1
- Plugin stopped working with helm HOT 6
- allow concurrency HOT 8
- tar: invalid number 'linux-amd64/tiller' HOT 1
- Lost state? HOT 3
- /tiller.sh: line 188: 69870 Terminated: 15 HOT 4
- $TMPDIR is not defined in all linux environments
- Tiller isn't able to find pid file HOT 4
- Helm Tiller Silent Not Working HOT 15
- Latest commit is causing failure when running non-interactive: /dev/tty: No such device or address HOT 7
- Helm Tiller Version Error with Helm installed via Homebrew HOT 3
- migrating to helm3? HOT 2
- tiller.sh not respecting HELM_TILLER_SILENT at the end of install
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-tiller.