Skip to content
Snippets Groups Projects
Unverified Commit f82a1933 authored by k8s-ci-robot's avatar k8s-ci-robot Committed by GitHub
Browse files

Merge pull request #3176 from equinix-ms/master

Add option to change the Tiller Deployment namespace.
parents f876c890 bbdd1c8f
No related branches found
No related tags found
No related merge requests found
......@@ -13,6 +13,9 @@ helm_skip_refresh: false
# Set URL for stable repository
# helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
# Namespace for the Tiller Deployment.
tiller_namespace: kube-system
# Set node selector options for Tiller Deployment manifest.
# tiller_node_selectors: "key1=val1,key2=val2"
......
......@@ -7,9 +7,10 @@
- name: Helm | Lay Down Helm Manifests (RBAC)
template:
src: "{{item.file}}"
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items:
- {name: tiller, file: tiller-namespace.yml, type: namespace}
- {name: tiller, file: tiller-sa.yml, type: sa}
- {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests
......@@ -18,7 +19,7 @@
- name: Helm | Apply Helm Manifests (RBAC)
kube:
name: "{{item.item.name}}"
namespace: "kube-system"
namespace: "{{ tiller_namespace }}"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
......@@ -28,7 +29,7 @@
- name: Helm | Install/upgrade helm
command: >
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
{% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
{% if rbac_enabled %} --service-account=tiller{% endif %}
......
......@@ -3,12 +3,27 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: tiller
namespace: kube-system
namespace: {{ tiller_namespace }}
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
namespace: {{ tiller_namespace }}
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
{% if podsecuritypolicy_enabled %}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: psp:tiller
subjects:
- kind: ServiceAccount
name: tiller
namespace: {{ tiller_namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:privileged
{% endif %}
apiVersion: v1
kind: Namespace
metadata:
name: "{{ tiller_namespace}}"
......@@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
namespace: {{ tiller_namespace }}
labels:
kubernetes.io/cluster-service: "true"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment