Commit bbdd1c8f authored by Robin Elfrink's avatar Robin Elfrink

Add option to change the Tiller Deployment namespace.

parent f876c890
......@@ -13,6 +13,9 @@ helm_skip_refresh: false
# Set URL for stable repository
# helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
# Namespace for the Tiller Deployment.
tiller_namespace: kube-system
# Set node selector options for Tiller Deployment manifest.
# tiller_node_selectors: "key1=val1,key2=val2"
......
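Review bot: The comment on the new `tiller_namespace` default does not tell operators that Helm clients have to follow the change. With any value other than `kube-system`, a `helm` client will not find Tiller unless it is given `--tiller-namespace` or has `TILLER_NAMESPACE` set. I would extend the comment to `# Namespace for the Tiller Deployment. Helm clients must set TILLER_NAMESPACE (or --tiller-namespace) when this is not kube-system.`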
......@@ -7,9 +7,10 @@
- name: Helm | Lay Down Helm Manifests (RBAC)
template:
src: "{{item.file}}"
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items:
- {name: tiller, file: tiller-namespace.yml, type: namespace}
- {name: tiller, file: tiller-sa.yml, type: sa}
- {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests
......@@ -18,7 +19,7 @@
- name: Helm | Apply Helm Manifests (RBAC)
kube:
name: "{{item.item.name}}"
namespace: "kube-system"
namespace: "{{ tiller_namespace }}"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
......@@ -28,7 +29,7 @@
- name: Helm | Install/upgrade helm
command: >
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
{% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
{% if rbac_enabled %} --service-account=tiller{% endif %}
......
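Review bot: Changing `tiller_namespace` on a cluster where this role already ran appears to leave the earlier Tiller Deployment and `tiller` ServiceAccount behind in `kube-system`. `helm init --upgrade --tiller-namespace={{ tiller_namespace }}` only acts on the new namespace, and nothing in the visible tasks removes the old objects. An orphaned Tiller keeps running and listening, so the role should either clean it up or say so, e.g. a comment above the install task: `# Changing tiller_namespace does not remove a Tiller deployed earlier in another namespace; delete it manually.` The task list continues outside these hunks, so a cleanup step may exist elsewhere.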
......@@ -3,12 +3,27 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: tiller
namespace: kube-system
namespace: {{ tiller_namespace }}
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
namespace: {{ tiller_namespace }}
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
{% if podsecuritypolicy_enabled %}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: psp:tiller
subjects:
- kind: ServiceAccount
name: tiller
namespace: {{ tiller_namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:privileged
{% endif %}
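Review bot: The `cluster-admin` binding now follows the `tiller` ServiceAccount into whatever namespace `tiller_namespace` names, so that namespace becomes a cluster-admin trust boundary: anyone allowed to run pods or read secrets there can act with the account's rights. With the hard-coded `kube-system` this was normally limited to cluster operators, so the template should say so, e.g. `# tiller_namespace must be a dedicated, operator-only namespace: this ServiceAccount is bound to cluster-admin`. The `namespace:` under `metadata` has no effect on a ClusterRoleBinding, which is cluster-scoped, and could be dropped. The value is also rendered unquoted here and in the ServiceAccount template, while the Namespace template quotes it; `namespace: "{{ tiller_namespace }}"` keeps an all-digit or boolean-looking name a string.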
apiVersion: v1
kind: Namespace
metadata:
name: "{{ tiller_namespace}}"
......@@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
namespace: {{ tiller_namespace }}
labels:
kubernetes.io/cluster-service: "true"