2 Copyright (c) 2019 AT&T Intellectual Property.
3 Copyright (c) 2019 Nokia.
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
9 http://www.apache.org/licenses/LICENSE-2.0
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
17 {{- if .Values.global }}
18 {{- if .Values.global.tillers }}
20 {{- range keys .Values.global.tillers }}
22 {{- with index $topCtx.Values.global.tillers . }}
23 {{- $nameSpace := .nameSpace }}
24 {{- $deployNameSpace := .deployNameSpace }}
25 {{- $img := .image.tiller }}
26 {{- $secretName := default "tiller-secret" .secret.tillerSecretName }}
27 {{- $ctx := dict "ctx" $topCtx "key" $key }}
32 name: {{ include "common.serviceaccountname.tiller" $ctx }}
33 namespace: {{ $deployNameSpace }}
35 apiVersion: rbac.authorization.k8s.io/v1beta1
38 name: {{ include "common.tillerName" $ctx }}-tiller-base
39 namespace: {{ $nameSpace }}
42 resources: ["secrets"]
43 resourceNames: [ {{ $secretName }} ]
46 resources: ["pods/portforward"]
49 resources: ["namespaces"]
52 resources: ["pods", "configmaps", "deployments", "services"]
53 verbs: ["get", "list", "create", "delete"]
55 apiVersion: rbac.authorization.k8s.io/v1beta1
58 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-base
59 namespace: {{ $nameSpace }}
61 apiGroup: rbac.authorization.k8s.io
63 name: {{ include "common.tillerName" $ctx }}-tiller-base
65 - kind: ServiceAccount
66 name: {{ include "common.serviceaccountname.tiller" $ctx }}
67 namespace: {{ $deployNameSpace }}
69 apiVersion: rbac.authorization.k8s.io/v1beta1
72 name: {{ include "common.tillerName" $ctx }}-tiller-operation
73 namespace: {{ $deployNameSpace }}
76 resources: ["configmaps"]
77 verbs: ["get", "list", "create", "delete", "update"]
79 apiVersion: rbac.authorization.k8s.io/v1beta1
82 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-operation
83 namespace: {{ $deployNameSpace }}
85 apiGroup: rbac.authorization.k8s.io
87 name: {{ include "common.tillerName" $ctx }}-tiller-operation
89 - kind: ServiceAccount
90 name: {{ include "common.serviceaccountname.tiller" $ctx }}
91 namespace: {{ $deployNameSpace }}
92 {{- if .serviceAccount.role }}
94 apiVersion: rbac.authorization.k8s.io/v1beta1
97 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
98 namespace: {{ $nameSpace }}
100 {{ toYaml .serviceAccount.role }}
102 apiVersion: rbac.authorization.k8s.io/v1beta1
105 name: {{ include "common.serviceaccountname.tiller" $ctx }}-{{ $nameSpace }}-tiller-deployer
106 namespace: {{ $nameSpace }}
108 apiGroup: rbac.authorization.k8s.io
110 name: {{ include "common.tillerName" $ctx }}-tiller-deployer
112 - kind: ServiceAccount
113 name: {{ include "common.serviceaccountname.tiller" $ctx }}
114 namespace: {{ $deployNameSpace }}
123 name: {{ include "common.deploymentname.tiller" $ctx }}
124 namespace: {{ $deployNameSpace }}
137 automountServiceAccountToken: true
139 {{- if $img.repositoryCred }}
140 - name: {{ $img.repositoryCred }}
142 - name: {{ include "common.repositoryCred" $topCtx }}
146 - name: TILLER_NAMESPACE
147 value: {{ $deployNameSpace }}
148 - name: TILLER_HISTORY_MAX
150 - name: TILLER_TLS_VERIFY
152 - name: TILLER_TLS_ENABLE
154 - name: TILLER_TLS_CERTS
156 image: {{ if $img.repository }}{{- $img.repository -}}/{{ else }}{{ include "common.repository" $topCtx -}}/{{- end -}}{{- $img.name -}}{{- if $img.tag -}} : {{- $img.tag -}} {{- end }}
157 imagePullPolicy: {{ default "IfNotPresent" $img.pullPolicy }}
162 initialDelaySeconds: 1
166 - containerPort: 44134
168 - containerPort: 44135
174 initialDelaySeconds: 1
177 - mountPath: /etc/certs
180 serviceAccountName: {{ include "common.serviceaccountname.tiller" $ctx }}
184 secretName: {{ $secretName }}
189 creationTimestamp: null
193 name: {{ include "common.servicename.tiller" $ctx }}
194 namespace: {{ $deployNameSpace }}
198 port: {{ default 44134 .port }}