2 Copyright (c) 2019 AT&T Intellectual Property.
3 Copyright (c) 2019 Nokia.
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
9 http://www.apache.org/licenses/LICENSE-2.0
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
17 {{- if .Values.global }}
18 {{- if .Values.global.tillers }}
20 {{- range keys .Values.global.tillers }}
22 {{- with index $topCtx.Values.global.tillers . }}
23 {{- $nameSpace := .nameSpace }}
24 {{- $deployNameSpace := .deployNameSpace }}
25 {{- $img := .image.tiller }}
26 {{- $secretName := default "tiller-secret" .secret.tillerSecretName }}
27 {{- $ctx := dict "ctx" $topCtx "key" $key }}
32 name: {{ include "common.serviceaccountname.tiller" $ctx }}
33 namespace: {{ $deployNameSpace }}
35 apiVersion: rbac.authorization.k8s.io/v1beta1
38 name: {{ include "common.tillerName" $ctx }}-tiller-base
39 namespace: {{ $nameSpace }}
42 resources: ["secrets"]
43 resourceNames: [ {{ $secretName }} ]
46 resources: ["pods/portforward"]
49 resources: ["pods", "configmaps", "deployments", "services"]
50 verbs: ["get", "list", "create", "delete"]
52 apiVersion: rbac.authorization.k8s.io/v1beta1
55 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-base
56 namespace: {{ $nameSpace }}
58 apiGroup: rbac.authorization.k8s.io
60 name: {{ include "common.tillerName" $ctx }}-tiller-base
62 - kind: ServiceAccount
63 name: {{ include "common.serviceaccountname.tiller" $ctx }}
64 namespace: {{ $deployNameSpace }}
65 {{- if .serviceAccount.role }}
67 apiVersion: rbac.authorization.k8s.io/v1beta1
70 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
71 namespace: {{ $nameSpace }}
73 {{ toYaml .serviceAccount.role }}
75 apiVersion: rbac.authorization.k8s.io/v1beta1
78 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-deployer
79 namespace: {{ $nameSpace }}
81 apiGroup: rbac.authorization.k8s.io
83 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
85 - kind: ServiceAccount
86 name: {{ include "common.serviceaccountname.tiller" $ctx }}
87 namespace: {{ $deployNameSpace }}
90 apiVersion: extensions/v1beta1
96 name: {{ include "common.deploymentname.tiller" $ctx }}
97 namespace: {{ $deployNameSpace }}
106 automountServiceAccountToken: true
108 {{- if $img.repositoryCred }}
109 - name: {{ $img.repositoryCred }}
111 - name: {{ include "common.repositoryCred" $topCtx }}
115 - name: TILLER_NAMESPACE
116 value: {{ $deployNameSpace }}
117 - name: TILLER_HISTORY_MAX
119 - name: TILLER_TLS_VERIFY
121 - name: TILLER_TLS_ENABLE
123 - name: TILLER_TLS_CERTS
125 image: {{ if $img.repository }}{{- $img.repository -}}/{{ else }}{{ include "common.repository" $topCtx -}}/{{- end -}}{{- $img.name -}}{{- if $img.tag -}} : {{- $img.tag -}} {{- end }}
126 imagePullPolicy: {{ default "IfNotPresent" $img.pullPolicy }}
131 initialDelaySeconds: 1
135 - containerPort: 44134
137 - containerPort: 44135
143 initialDelaySeconds: 1
146 - mountPath: /etc/certs
149 serviceAccountName: {{ include "common.serviceaccountname.tiller" $ctx }}
153 secretName: {{ $secretName }}
158 creationTimestamp: null
162 name: {{ include "common.servicename.tiller" $ctx }}
163 namespace: {{ $deployNameSpace }}
167 port: {{ default 44134 .port }}