+++ /dev/null
-{{/*
- Copyright (c) 2019 AT&T Intellectual Property.
- Copyright (c) 2019 Nokia.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/}}
-{{- if .Values.global }}
-{{- $kubeapiServerEndpoint := .Values.global.k8sAPIHost }}
-{{- if .Values.global.tillers }}
-{{- $topCtx := . }}
-{{- range keys .Values.global.tillers }}
-{{- $key := . }}
-{{- with index $topCtx.Values.global.tillers . }}
-{{- $img := .image.tillerTLSSecrets }}
-{{- $tillerSecret := default "tiller-secret" .secret.tillerSecretName }}
-{{- $helmSecret := default "helm-secret" .secret.helmSecretName }}
-{{- $serviceAccountName := default "tiller" .serviceAccount }}
-{{- $nameSpace := .nameSpace }}
-{{- $deployNameSpace := .deployNameSpace }}
-{{- $img := .image.tillerTLSSecrets }}
-{{- $ctx := dict "ctx" $topCtx "key" $key }}
-{{- if .secret.create }}
-{{- $serviceAccountName := randAlpha 6 | lower | printf "tiller-secret-creator-%s" }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ $serviceAccountName }}
- namespace: {{ $deployNameSpace }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: {{ $serviceAccountName }}-secret-create
- namespace: {{ $deployNameSpace }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create", "get", "patch"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: {{ $serviceAccountName }}-secret-create
- namespace: {{ $deployNameSpace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ $serviceAccountName }}-secret-create
-subjects:
- - kind: ServiceAccount
- name: {{ $serviceAccountName }}
- namespace: {{ $deployNameSpace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: tiller-secret-generator
- namespace: {{ $deployNameSpace }}
-spec:
- template:
- spec:
- serviceAccountName: {{ $serviceAccountName }}
- restartPolicy: Never
- imagePullSecrets:
- {{- if $img.repositoryCred }}
- - name: {{ $img.repositoryCred }}
- {{- else }}
- - name: {{ include "common.repositoryCred" $topCtx }}
- {{- end }}
- containers:
- - name: tiller-secret-generator
- image: {{ if $img.repository }}{{- $img.repository -}}/{{ else }} {{ include "common.repository" $topCtx -}}/{{- end -}}{{- $img.name -}}{{- if $img.tag -}} : {{- $img.tag -}} {{- end }}
- imagePullPolicy: {{ default "IfNotPresent" $img.pullPolicy }}
- env:
- - name: ENTITIES
- value: {{ tuple $tillerSecret $helmSecret | join " " }}
- - name: TILLER_KEY_NAME
- value: {{ $tillerSecret }}.key.pem
- - name: TILLER_CERT_NAME
- value: {{ $tillerSecret }}.cert.pem
- - name: HELM_KEY_NAME
- value: {{ $helmSecret }}.key.pem
- - name: HELM_CERT_NAME
- value: {{ $helmSecret }}.cert.pem
- - name: TILLER_CN
- value: {{ default ( include "common.servicename.tiller" $ctx ) .hostname }}
- - name: CLUSTER_SERVER
- value: {{ default "https://kubernetes.default.svc.cluster.local/" $kubeapiServerEndpoint }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}