# 绑定helm sa到 cluster-admin,这样可以兼容现有需要集群特权的charts # {% if helm_namespace not in current_ns.stdout %} --- apiVersion: v1 kind: Namespace metadata: name: {{ helm_namespace }} {% endif %} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ tiller_sa }} namespace: {{ helm_namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tiller-cb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: {{ tiller_sa }} namespace: {{ helm_namespace }}