forbidden: User "system:serviceaccount:kube-system:default" cannot get namespaces in the namespace "default

[postak]

Following the instruction in the documentation when running
helm install --name myfn fn
I get the error forbidden: User "system:serviceaccount:kube-system:default" cannot get namespaces in the namespace "default

I solved running these commands to my k8s cluster:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

if confirmed should be added to the documentation

[kocic11]

I had the same issue and followed this link to resolve it.

Not sure how much should be added to the documentation as it is strictly Helm and RBAC related issue.

[gopimails]

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

I am getting below error
kubectl : Error from server (BadRequest): invalid character 's' looking for beginning of object key string

[amos6224]

thanks all, I had the same and was able to fix the issue by following the doc https://docs.helm.sh/using_helm/#tiller-and-role-based-access-control

[peterj]

@postak were you able to resolve the issue with the links mentioned in the thread?

[postak]

Yes, with these commands kubectl create serviceaccount --namespace kube-system tiller # kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller # kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' Il giorno ven 17 ago 2018 alle 19:03 Peter Jausovec < [email protected]> ha scritto:

@postak <https://github.com/postak> were you able to resolve the issue with the links mentioned in the thread? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#21 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAnPtsExq6_UPnQZX-ORTtMwHfC1OMqlks5uRvd8gaJpZM4TM9q4> .

-- -- Sent from my StarTAC

[peterj]

Perfect. Since this was resolved and it's not really related to Fn, I'll close it. Feel free to open a new issue if you ran into issues. Thanks!

[thiagodiogo]

Worked here as well, thanks guys

[rnkhouse]

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
Error from server (BadRequest): invalid character 's' looking for beginning of object key string

[peterj]

@rnkhouse if the problem you're seeing is related to Fn, please open a separate issue and explain what you're seeing. This issue is closed.

[e-desouza]

helm init --upgrade --service-account tiller worked for me

[denismakogon]

Closing one. Please reopen if necessary or if you see the following problem with the latest chart.

[paraspatidar]

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
Error from server (BadRequest): invalid character 's' looking for beginning of object key string

Try this :

 $jsondata=  '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'| ConvertTo-Json
kubectl patch deploy --namespace kube-system tiller-deploy -p $jsondata

[loxal]

Why is this is not part of the Helm documentation?!

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

[encarvlucas]

kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
Error from server (BadRequest): invalid character 's' looking for beginning of object key string

Try this :

 $jsondata=  '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'| ConvertTo-Json
kubectl patch deploy --namespace kube-system tiller-deploy -p $jsondata

@gopimails @rnkhouse

I had this same issue, you need to escape the double quotes characters on the json:
kubectl patch deploy --namespace kube-system tiller-deploy -p '{\"spec\":{\"template\":{\"spec\":{\"serviceAccount\":\"tiller\"}}}}'

[miraj-godha-guavus]

I solved running all of these commands in given sequence to my k8s cluster:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --upgrade --service-account tiller

And then you can run your helm command like:
helm install --name postgres stable/postgresql --set postgresqlPassword=secretpass,postgresqlDatabase=cdap

[loxal]

The latest v2.15 HELM is finally compatible with K8s v1.16.2.

[mklueh]

$ kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

produces

Error from server (NotFound): deployments.apps "tiller-deploy" not found

and

helm init --upgrade --service-account tiller

produces

Error: unknown flag: --upgrade

I´m running an automanaged cluster on Digital Ocean. Tiller has been installed through the Gitlab Dashboard after connecting to my cluster.

Appreciate any help

[imriss]

kubectl --namespace kube-system create serviceaccount tiller;
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller;
helm init --service-account tiller --upgrade;
sleep 30;
kubectl get po --all-namespaces;
helm list; 

[man-csl]

I had to escape double quotes and also use " instead of '.
kubectl patch deploy --namespace kube-system tiller-deploy -p "{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}"

[bsamadi]

Isn't tiller gone with helm 2?

A Gentle Farewell to Tiller

[Ravi-Macha]

@miraj-godha-guavus - Your suggested worked for me.