2 Copyright (c) 2019 AT&T Intellectual Property.
3 Copyright (c) 2019 Nokia.
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
9 http://www.apache.org/licenses/LICENSE-2.0
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
17 {{- if .Values.common }}
18 {{- if .Values.common.tillers }}
20 {{- range keys .Values.common.tillers }}
22 {{- with index $topCtx.Values.common.tillers . }}
23 {{- $nameSpace := .nameSpace }}
24 {{- $deployNameSpace := .deployNameSpace }}
25 {{- $img := .image.tiller }}
26 {{- $secretName := default "tiller-secret" .secret.tillerSecretName }}
27 {{- $imgPullPolicy := .imagePullPolicy }}
28 {{- $ctx := dict "ctx" $topCtx "key" $key }}
33 name: {{ include "common.serviceaccountname.tiller" $ctx }}
34 namespace: {{ $deployNameSpace }}
36 apiVersion: rbac.authorization.k8s.io/v1
39 name: {{ include "common.tillerName" $ctx }}-tiller-base
40 namespace: {{ $nameSpace }}
43 resources: ["secrets"]
44 resourceNames: [ {{ $secretName }} ]
47 resources: ["pods/portforward"]
50 resources: ["namespaces"]
53 resources: ["pods", "configmaps", "deployments", "services"]
54 verbs: ["get", "list", "create", "delete"]
56 apiVersion: rbac.authorization.k8s.io/v1
59 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-base
60 namespace: {{ $nameSpace }}
62 apiGroup: rbac.authorization.k8s.io
64 name: {{ include "common.tillerName" $ctx }}-tiller-base
66 - kind: ServiceAccount
67 name: {{ include "common.serviceaccountname.tiller" $ctx }}
68 namespace: {{ $deployNameSpace }}
70 apiVersion: rbac.authorization.k8s.io/v1
73 name: {{ include "common.tillerName" $ctx }}-tiller-operation
74 namespace: {{ $deployNameSpace }}
77 resources: ["configmaps"]
78 verbs: ["get", "list", "create", "delete", "update"]
80 apiVersion: rbac.authorization.k8s.io/v1
83 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-operation
84 namespace: {{ $deployNameSpace }}
86 apiGroup: rbac.authorization.k8s.io
88 name: {{ include "common.tillerName" $ctx }}-tiller-operation
90 - kind: ServiceAccount
91 name: {{ include "common.serviceaccountname.tiller" $ctx }}
92 namespace: {{ $deployNameSpace }}
93 {{- if .serviceAccount.role }}
95 apiVersion: rbac.authorization.k8s.io/v1
98 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
99 namespace: {{ $nameSpace }}
101 {{ toYaml .serviceAccount.role }}
103 apiVersion: rbac.authorization.k8s.io/v1
106 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-deployer
107 namespace: {{ $nameSpace }}
109 apiGroup: rbac.authorization.k8s.io
111 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
113 - kind: ServiceAccount
114 name: {{ include "common.serviceaccountname.tiller" $ctx }}
115 namespace: {{ $deployNameSpace }}
124 name: {{ include "common.deploymentname.tiller" $ctx }}
125 namespace: {{ $deployNameSpace }}
138 automountServiceAccountToken: true
139 {{- $newctx := dict "ctx" $topCtx "defaultregistry" $img.registry }}
141 - name: {{ include "common.dockerregistry.credential" $newctx }}
144 - name: TILLER_NAMESPACE
145 value: {{ $deployNameSpace }}
146 - name: TILLER_HISTORY_MAX
148 - name: TILLER_TLS_VERIFY
150 - name: TILLER_TLS_ENABLE
152 - name: TILLER_TLS_CERTS
154 image: {{ include "common.dockerregistry.url" $newctx }}/{{- $img.name -}}:{{- $img.tag }}
155 {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" $imgPullPolicy }}
156 imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
161 initialDelaySeconds: 1
165 - containerPort: 44134
167 - containerPort: 44135
173 initialDelaySeconds: 1
176 - mountPath: /etc/certs
179 serviceAccountName: {{ include "common.serviceaccountname.tiller" $ctx }}
183 secretName: {{ $secretName }}
188 creationTimestamp: null
192 name: {{ include "common.servicename.tiller" $ctx }}
193 namespace: {{ $deployNameSpace }}
197 port: {{ default 44134 .port }}