Helm ls: Error: configmaps is forbidden: User "system:serviceaccount:kube-system:tiller"

Question

Is helm broken, I keep getting:

Error: configmaps is forbidden: User "system:serviceaccount:kube-system:tiller" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

when helm ls

Answer 1

The link shared on above answer are No more valid and throws a 404 error. For completeness and users looking for solution sharing the fix steps below

If below ERROR is reported on helm :

$ helm list
Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

SOLUTION: Use below commands to create serviceaccount and clusterrolebinding and patch the tiller-deployment to user service account.

kubectl create serviceaccount --namespace kube-system tiller

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

Answer 2

helm is probably fine.

You need to have correct serveice-account and role binding. Refer https://github.com/helm/helm/blob/master/docs/rbac.md#tiller-and-role-based-access-control for common scenario examples.