Add support for prometheus

[ric-plt/ric-dep.git] / helm / infrastructure / templates / job-tiller-secrets.yaml

{{/*
   Copyright (c) 2019 AT&T Intellectual Property.
   Copyright (c) 2019 Nokia.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/}}
{{- if .Values.common }}
{{- $kubeapiServerEndpoint := .Values.common.k8sAPIHost }}
{{- if .Values.common.tillers }}
{{- $topCtx := . }}
{{- range keys .Values.common.tillers }}
{{- $key := . }}
{{- with index $topCtx.Values.common.tillers  . }}
{{- $img := .image.tillerTLSSecrets }}
{{- $imgPullPolicy := .imagePullPolicy }}
{{- $tillerSecret := default "tiller-secret" .secret.tillerSecretName }}
{{- $helmSecret := default "helm-secret" .secret.helmSecretName }}
{{- $serviceAccountName := default "tiller" .serviceAccount }}
{{- $nameSpace := .nameSpace }}
{{- $deployNameSpace := .deployNameSpace }}
{{- $img := .image.tillerTLSSecrets }}
{{- $ctx := dict "ctx" $topCtx "key" $key }}
{{- if .secret.create }}
{{- $serviceAccountName := randAlpha 6 | lower | printf "tiller-secret-creator-%s" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $serviceAccountName }}
  namespace: {{ $deployNameSpace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: {{ $serviceAccountName }}-secret-create
  namespace: {{ $deployNameSpace }}
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create", "get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: {{ $serviceAccountName }}-secret-create
  namespace: {{ $deployNameSpace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}-secret-create
subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $deployNameSpace }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: tiller-secret-generator
  namespace: {{ $deployNameSpace }}
spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: Never
      {{- $newctx := dict "ctx" $topCtx "defaultregistry" $img.registry }}
      imagePullSecrets:
        - name: {{ include "common.dockerregistry.credential" $newctx }}
      containers:
        - name: tiller-secret-generator
          image: {{ include "common.dockerregistry.url" $newctx }}/{{- $img.name -}}:{{- $img.tag }}
          {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" $imgPullPolicy }}
          imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
          env:
            - name: ENTITIES
              value: {{ tuple $tillerSecret $helmSecret | join " "  }}
            - name: TILLER_KEY_NAME
              value: {{ $tillerSecret }}.key.pem
            - name: TILLER_CERT_NAME
              value: {{ $tillerSecret }}.cert.pem
            - name: HELM_KEY_NAME
              value: {{ $helmSecret }}.key.pem
            - name: HELM_CERT_NAME
              value: {{ $helmSecret }}.cert.pem
            - name: TILLER_CN
              value: {{ default ( include "common.servicename.tiller" $ctx ) .hostname }}
            - name: CLUSTER_SERVER
              value: {{ default "https://kubernetes.default.svc.cluster.local/" $kubeapiServerEndpoint }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}