Merge pull request #3176 from equinix-ms/master

Add option to change the Tiller Deployment namespace.
This commit is contained in:
k8s-ci-robot 2018-08-29 03:03:40 -07:00 committed by GitHub
commit f82a1933b0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 41 additions and 18 deletions

View file

@ -13,6 +13,9 @@ helm_skip_refresh: false
# Set URL for stable repository # Set URL for stable repository
# helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com" # helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
# Namespace for the Tiller Deployment.
tiller_namespace: kube-system
# Set node selector options for Tiller Deployment manifest. # Set node selector options for Tiller Deployment manifest.
# tiller_node_selectors: "key1=val1,key2=val2" # tiller_node_selectors: "key1=val1,key2=val2"

View file

@ -7,9 +7,10 @@
- name: Helm | Lay Down Helm Manifests (RBAC) - name: Helm | Lay Down Helm Manifests (RBAC)
template: template:
src: "{{item.file}}" src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}" dest: "{{kube_config_dir}}/{{item.file}}"
with_items: with_items:
- {name: tiller, file: tiller-namespace.yml, type: namespace}
- {name: tiller, file: tiller-sa.yml, type: sa} - {name: tiller, file: tiller-sa.yml, type: sa}
- {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding} - {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests register: manifests
@ -18,7 +19,7 @@
- name: Helm | Apply Helm Manifests (RBAC) - name: Helm | Apply Helm Manifests (RBAC)
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "kube-system" namespace: "{{ tiller_namespace }}"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"
@ -28,7 +29,7 @@
- name: Helm | Install/upgrade helm - name: Helm | Install/upgrade helm
command: > command: >
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
{% if helm_skip_refresh %} --skip-refresh{% endif %} {% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %} {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
{% if rbac_enabled %} --service-account=tiller{% endif %} {% if rbac_enabled %} --service-account=tiller{% endif %}

View file

@ -1,14 +0,0 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: tiller
namespace: kube-system
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io

View file

@ -0,0 +1,29 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: tiller
namespace: {{ tiller_namespace }}
subjects:
- kind: ServiceAccount
name: tiller
namespace: {{ tiller_namespace }}
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
{% if podsecuritypolicy_enabled %}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: psp:tiller
subjects:
- kind: ServiceAccount
name: tiller
namespace: {{ tiller_namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:privileged
{% endif %}

View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: "{{ tiller_namespace}}"

View file

@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: tiller name: tiller
namespace: kube-system namespace: {{ tiller_namespace }}
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"