+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
---
apiVersion: v1
kind: ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.helmrepositorytillernamespace" . }}-access
- namespace: {{ include "common.helmrepositorytillernamespace" . }}
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+ namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
rules:
- apiGroups: [""]
resources: ["pods", "pods/portforward"]
verbs: ["get", "list", "create"]
+
+{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
+- apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get"]
+{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.helmrepositorytillernamespace" .}}-access
- namespace: {{ include "common.helmrepositorytillernamespace" . }}
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+ namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.helmrepositorytillernamespace" .}}-access
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceaccountname.appmgr" . }}
namespace: {{ include "common.namespace.platform" . }}
+---