Terraform helm cert-manager

I’m using terraform to deploy a cluster rancher HA
I get two problems:
here is the helm provider
provider “helm” {
install_tiller = “true”
service_account = “tiller”
kubernetes {
config_path = “kube_config_cluster.yml”
}
}
here is how I try to install
resource “null_resource” “cert-manager-crds” {
depends_on = [null_resource.install-nodes]
provisioner “local-exec” {
command = <<EOF
kubectl --kubeconfig kube_config_cluster.yml apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.10/deploy/manifests/00-crds.yaml
kubectl --kubeconfig kube_config_cluster.yml create namespace cert-manager
kubectl --kubeconfig kube_config_cluster.yml label namespace cert-manager certmanager.k8s.io/disable-validation=true
EOF
environment = {
KUBECONFIG = “kube_config_cluster.yml”
}
}
}

resource “helm_release” “cert_manager” {
depends_on = [null_resource.install-nodes]
version = “v0.10.0”
name = “cert-manager”
chart = “jetstack/cert-manager”
namespace = “cert-manager”
}
I get
Error: rpc error: code = Unknown desc = configmaps is forbidden: User “system:serviceaccount:kube-system:default” cannot list resource “configmaps” in API group “” in the namespace “kube-system”