kubectl get all –all-namespaces | grep name
From here.
Kubernetes: installing helm tiller with RBAC role and service account
From here.
kubectl create namespace tiller-world
kubectl create serviceaccount tiller --namespace tiller-world
role-tiller.yml:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-manager
namespace: tiller-world
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]rolebinding-tiller.yml:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-binding
namespace: tiller-world
subjects:
- kind: ServiceAccount
name: tiller
namespace: tiller-world
roleRef:
kind: Role
name: tiller-manager
apiGroup: rbac.authorization.k8s.iohelm init with service account and namespace:
helm init --service-account tiller --tiller-namespace tiller-world
Combining with tls certs (from here):
helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem --service-account tiller --tiller-namespace tiller-worldhelm with tls cert
After following steps in guide to create certs:
$ cp ca.cert.pem ~/.helm/ca.pem
$ cp helm.cert.pem ~/.helm/cert.pem
$ cp helm.key.pem ~/.helm/key.pem
Then use the –tls options:
$ helm ls --tls
Kubernetes: can’t schedule a pod on master node
Attempting to run a pod on the master and get this error:
Warning FailedScheduling 14m (x2 over 14m) default-scheduler 0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
From issue here: you can configure the master node to run pods with:
kubectl taint nodes --all node-role.kubernetes.io/master-