2 Copyright (c) 2019 AT&T Intellectual Property.
3 Copyright (c) 2019 Nokia.
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
9 http://www.apache.org/licenses/LICENSE-2.0
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
17 {{- if .Values.global }}
18 {{- if .Values.global.tillers }}
20 {{- range keys .Values.global.tillers }}
22 {{- with index $topCtx.Values.global.tillers . }}
23 {{- $nameSpace := .nameSpace }}
24 {{- $deployNameSpace := .deployNameSpace }}
25 {{- $img := .image.tiller }}
26 {{- $secretName := default "tiller-secret" .secret.tillerSecretName }}
27 {{- $ctx := dict "ctx" $topCtx "key" $key }}
32 name: {{ include "common.serviceaccountname.tiller" $ctx }}
33 namespace: {{ $deployNameSpace }}
35 apiVersion: rbac.authorization.k8s.io/v1beta1
38 name: {{ include "common.tillerName" $ctx }}-tiller-base
39 namespace: {{ $nameSpace }}
42 resources: ["secrets"]
43 resourceNames: [ {{ $secretName }} ]
46 resources: ["pods/portforward"]
49 resources: ["namespaces"]
52 resources: ["pods", "configmaps", "deployments", "services"]
53 verbs: ["get", "list", "create", "delete"]
55 apiVersion: rbac.authorization.k8s.io/v1beta1
58 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-base
59 namespace: {{ $nameSpace }}
61 apiGroup: rbac.authorization.k8s.io
63 name: {{ include "common.tillerName" $ctx }}-tiller-base
65 - kind: ServiceAccount
66 name: {{ include "common.serviceaccountname.tiller" $ctx }}
67 namespace: {{ $deployNameSpace }}
69 apiVersion: rbac.authorization.k8s.io/v1beta1
72 name: {{ include "common.tillerName" $ctx }}-tiller-operation
73 namespace: {{ $deployNameSpace }}
76 resources: ["configmaps"]
77 verbs: ["get", "list", "create", "delete", "update"]
79 apiVersion: rbac.authorization.k8s.io/v1beta1
82 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-operation
83 namespace: {{ $deployNameSpace }}
85 apiGroup: rbac.authorization.k8s.io
87 name: {{ include "common.tillerName" $ctx }}-tiller-operation
89 - kind: ServiceAccount
90 name: {{ include "common.serviceaccountname.tiller" $ctx }}
91 namespace: {{ $deployNameSpace }}
92 {{- if .serviceAccount.role }}
94 apiVersion: rbac.authorization.k8s.io/v1beta1
97 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
98 namespace: {{ $nameSpace }}
100 {{ toYaml .serviceAccount.role }}
102 apiVersion: rbac.authorization.k8s.io/v1beta1
105 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-deployer
106 namespace: {{ $nameSpace }}
108 apiGroup: rbac.authorization.k8s.io
110 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
112 - kind: ServiceAccount
113 name: {{ include "common.serviceaccountname.tiller" $ctx }}
114 namespace: {{ $deployNameSpace }}
117 apiVersion: extensions/v1beta1
123 name: {{ include "common.deploymentname.tiller" $ctx }}
124 namespace: {{ $deployNameSpace }}
133 automountServiceAccountToken: true
135 {{- if $img.repositoryCred }}
136 - name: {{ $img.repositoryCred }}
138 - name: {{ include "common.repositoryCred" $topCtx }}
142 - name: TILLER_NAMESPACE
143 value: {{ $deployNameSpace }}
144 - name: TILLER_HISTORY_MAX
146 - name: TILLER_TLS_VERIFY
148 - name: TILLER_TLS_ENABLE
150 - name: TILLER_TLS_CERTS
152 image: {{ if $img.repository }}{{- $img.repository -}}/{{ else }}{{ include "common.repository" $topCtx -}}/{{- end -}}{{- $img.name -}}{{- if $img.tag -}} : {{- $img.tag -}} {{- end }}
153 imagePullPolicy: {{ default "IfNotPresent" $img.pullPolicy }}
158 initialDelaySeconds: 1
162 - containerPort: 44134
164 - containerPort: 44135
170 initialDelaySeconds: 1
173 - mountPath: /etc/certs
176 serviceAccountName: {{ include "common.serviceaccountname.tiller" $ctx }}
180 secretName: {{ $secretName }}
185 creationTimestamp: null
189 name: {{ include "common.servicename.tiller" $ctx }}
190 namespace: {{ $deployNameSpace }}
194 port: {{ default 44134 .port }}