First task is to figure out where Helm installed Tiller. By default Helm installs Tiller into kube-system. This can be verified by using kubectl get pods --namespace=kube-system |grep tiller. Sure enough 1/1 pods are active ready. Probably not ideal to install Tiller to kube-system for an actual production system but that is a different bridge I’ve already looked at.

Alright, so Tiller is installed, I am going to assume it is done properly. With Helm you need the --debug option not the --verbose to get additional details. The output I get is:

[debug] Created tunnel using local port: ‘63286’

[debug] SERVER: “127.0.0.1:63286”

[debug] Original chart version: “” [debug] Fetched banzaicloud-stable/vault-operator to /Users/human/.helm/cache/archive/vault-operator-0.2.4.tgz

[debug] CHART PATH: /Users/human/.helm/cache/archive/vault-operator-0.2.4.tgz

Error: no available release name found

A file does exist at /Users/human/.helm/cache/archive/vault-operator-0.2.4.tgz. To list Tiller output I stole kubectl get pods --all-namespaces | grep tiller, using the first column for the namespace and the second column for the container. Within the output I get an access control error. I am guessing that is the root of the problems.

[storage/driver] 2019/02/01 17:51:47 get: failed to get “banking-lamb.v1”: configmaps “banking-lamb.v1” is forbidden: User “system:serviceaccount:kube-system:default” cannot get configmaps in the namespace “kube-system”

Makes sense a GKE cluster out of the box would be more secure than a local Docker for Mac instance. Looks like I glued the tiller on in wrong place.