If you are using our reference architecture, then it is still using
helm 2 where there is a server component (aka Tiller) that does all the work. In this model, the idea is that the
autodeploy RBAC group gets access to each Tiller that is used for deployments. This is done through the variable
k8s-namespace-with-tiller, which will bind the minimal permissions necessary to allow running
kubergrunt helm grant and talk to Tiller for that namespace. We don’t bind any other permissions to the RBAC group.
If you are using helm 3 or wish to directly talk to kubernetes API using the autodeploy role, then you need to bind additional permissions to the
autodeploy RBAC group, bind an alternative RBAC group. This can be done using any method that creates RoleBinding and ClusterRoleBinding resources: kubernetes manifest file, helm, or terraform kubernetes provider.
Hope this makes sense!