Unverified Commit 58ac6023 authored by AdamDang's avatar AdamDang Committed by GitHub

Typo fix helm->Helm

parent 026e6b55
...@@ -4,11 +4,11 @@ In Kubernetes, granting a role to an application-specific service account is a b ...@@ -4,11 +4,11 @@ In Kubernetes, granting a role to an application-specific service account is a b
Bitnami also has a fantastic guide for [configuring RBAC in your cluster](https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/) that takes you through RBAC basics. Bitnami also has a fantastic guide for [configuring RBAC in your cluster](https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/) that takes you through RBAC basics.
This guide is for users who want to restrict Tiller's capabilities to install resources to certain namespaces, or to grant a helm client running access to a Tiller instance. This guide is for users who want to restrict Tiller's capabilities to install resources to certain namespaces, or to grant a Helm client running access to a Tiller instance.
## Tiller and Role-based Access Control ## Tiller and Role-based Access Control
You can add a service account to Tiller using the `--service-account <NAME>` flag while you're configuring helm. As a prerequisite, you'll have to create a role binding which specifies a [role](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole) and a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) name that have been set up in advance. You can add a service account to Tiller using the `--service-account <NAME>` flag while you're configuring Helm. As a prerequisite, you'll have to create a role binding which specifies a [role](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole) and a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) name that have been set up in advance.
Once you have satisfied the pre-requisite and have a service account with the correct permissions, you'll run a command like this: `helm init --service-account <NAME>` Once you have satisfied the pre-requisite and have a service account with the correct permissions, you'll run a command like this: `helm init --service-account <NAME>`
...@@ -110,7 +110,7 @@ Afterwards you can run `helm init` to install Tiller in the `tiller-world` names ...@@ -110,7 +110,7 @@ Afterwards you can run `helm init` to install Tiller in the `tiller-world` names
$ helm init --service-account tiller --tiller-namespace tiller-world $ helm init --service-account tiller --tiller-namespace tiller-world
$HELM_HOME has been configured at /Users/awesome-user/.helm. $HELM_HOME has been configured at /Users/awesome-user/.helm.
Tiller (the helm server side component) has been installed into your Kubernetes Cluster. Tiller (the Helm server side component) has been installed into your Kubernetes Cluster.
Happy Helming! Happy Helming!
$ helm install nginx --tiller-namespace tiller-world --namespace tiller-world $ helm install nginx --tiller-namespace tiller-world --namespace tiller-world
...@@ -224,11 +224,11 @@ rolebinding "tiller-binding" created ...@@ -224,11 +224,11 @@ rolebinding "tiller-binding" created
## Helm and Role-based Access Control ## Helm and Role-based Access Control
When running a helm client in a pod, in order for the helm client to talk to a Tiller instance, it will need certain privileges to be granted. Specifically, the helm client will need to be able to create pods, forward ports and be able to list pods in the namespace where Tiller is running (so it can find Tiller). When running a Helm client in a pod, in order for the Helm client to talk to a Tiller instance, it will need certain privileges to be granted. Specifically, the Helm client will need to be able to create pods, forward ports and be able to list pods in the namespace where Tiller is running (so it can find Tiller).
### Example: Deploy Helm in a namespace, talking to Tiller in another namespace ### Example: Deploy Helm in a namespace, talking to Tiller in another namespace
In this example, we will assume Tiller is running in a namespace called `tiller-world` and that the helm client is running in a namespace called `helm-world`. By default, Tiller is running in the `kube-system` namespace. In this example, we will assume Tiller is running in a namespace called `tiller-world` and that the Helm client is running in a namespace called `helm-world`. By default, Tiller is running in the `kube-system` namespace.
In `helm-user.yaml`: In `helm-user.yaml`:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment