+{{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" ) (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
+ initContainers:
+ - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
+ image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
+ imagePullPolicy: {{ default "IfNotPresent" .pullPolicy }}
+ env:
+ - name: SVCACCT_NAME
+ value: {{ include "common.serviceaccountname.appmgr" . }}
+ - name: CLUSTER_NAME
+ value: {{ default "kubernetes" .Values.global.clusterName }}
+ - name: KUBECONFIG
+ value: /tmp/kubeconfig
+ - name: K8S_API_HOST
+ value: "kubernetes.default.svc.{{ default "cluster.local" .Values.global.dnsDomain }}"
+ - name: SECRET_NAMESPACE
+ value: {{ include "common.tillerDeployNameSpace" $ctx }}
+ - name: SECRET_NAME
+ value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.appmgr" . }}-env
+ command: ["/appmgr-tiller-secret-copier.sh"]
+ volumeMounts:
+ - name: helm-secret-volume
+ mountPath: {{ $secretPath }}
+ readOnly: false
+ - name: appmgr-bin-volume
+ mountPath: /svcacct-to-kubeconfig.sh
+ subPath: svcacct-to-kubeconfig.sh
+ - name: appmgr-bin-volume
+ mountPath: /appmgr-tiller-secret-copier.sh
+ subPath: appmgr-tiller-secret-copier.sh
+{{- end }}