Merge pull request #3176 from equinix-ms/master
Add option to change the Tiller Deployment namespace.
This commit is contained in:
commit
f82a1933b0
6 changed files with 41 additions and 18 deletions
|
@ -13,6 +13,9 @@ helm_skip_refresh: false
|
||||||
# Set URL for stable repository
|
# Set URL for stable repository
|
||||||
# helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
|
# helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
|
||||||
|
|
||||||
|
# Namespace for the Tiller Deployment.
|
||||||
|
tiller_namespace: kube-system
|
||||||
|
|
||||||
# Set node selector options for Tiller Deployment manifest.
|
# Set node selector options for Tiller Deployment manifest.
|
||||||
# tiller_node_selectors: "key1=val1,key2=val2"
|
# tiller_node_selectors: "key1=val1,key2=val2"
|
||||||
|
|
||||||
|
|
|
@ -7,9 +7,10 @@
|
||||||
|
|
||||||
- name: Helm | Lay Down Helm Manifests (RBAC)
|
- name: Helm | Lay Down Helm Manifests (RBAC)
|
||||||
template:
|
template:
|
||||||
src: "{{item.file}}"
|
src: "{{item.file}}.j2"
|
||||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||||
with_items:
|
with_items:
|
||||||
|
- {name: tiller, file: tiller-namespace.yml, type: namespace}
|
||||||
- {name: tiller, file: tiller-sa.yml, type: sa}
|
- {name: tiller, file: tiller-sa.yml, type: sa}
|
||||||
- {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
|
- {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
|
||||||
register: manifests
|
register: manifests
|
||||||
|
@ -18,7 +19,7 @@
|
||||||
- name: Helm | Apply Helm Manifests (RBAC)
|
- name: Helm | Apply Helm Manifests (RBAC)
|
||||||
kube:
|
kube:
|
||||||
name: "{{item.item.name}}"
|
name: "{{item.item.name}}"
|
||||||
namespace: "kube-system"
|
namespace: "{{ tiller_namespace }}"
|
||||||
kubectl: "{{bin_dir}}/kubectl"
|
kubectl: "{{bin_dir}}/kubectl"
|
||||||
resource: "{{item.item.type}}"
|
resource: "{{item.item.type}}"
|
||||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||||
|
@ -28,7 +29,7 @@
|
||||||
|
|
||||||
- name: Helm | Install/upgrade helm
|
- name: Helm | Install/upgrade helm
|
||||||
command: >
|
command: >
|
||||||
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
|
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
|
||||||
{% if helm_skip_refresh %} --skip-refresh{% endif %}
|
{% if helm_skip_refresh %} --skip-refresh{% endif %}
|
||||||
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
|
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
|
||||||
{% if rbac_enabled %} --service-account=tiller{% endif %}
|
{% if rbac_enabled %} --service-account=tiller{% endif %}
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
---
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
metadata:
|
|
||||||
name: tiller
|
|
||||||
namespace: kube-system
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: tiller
|
|
||||||
namespace: kube-system
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: cluster-admin
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: tiller
|
||||||
|
namespace: {{ tiller_namespace }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: tiller
|
||||||
|
namespace: {{ tiller_namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: cluster-admin
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
{% if podsecuritypolicy_enabled %}
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: psp:tiller
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: tiller
|
||||||
|
namespace: {{ tiller_namespace }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: psp:privileged
|
||||||
|
{% endif %}
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: "{{ tiller_namespace}}"
|
|
@ -3,6 +3,6 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: tiller
|
name: tiller
|
||||||
namespace: kube-system
|
namespace: {{ tiller_namespace }}
|
||||||
labels:
|
labels:
|
||||||
kubernetes.io/cluster-service: "true"
|
kubernetes.io/cluster-service: "true"
|
Loading…
Reference in a new issue