Update Armada Tiller Chart

We are seeing error [0] during deployment.

This is an attempt to fix the issue.

[0] Error Messages

StatusCode.UNKNOWN, configmaps is forbidden:
User "system:serviceaccount:kube-system:default" cannot list configmaps in the namespace "kube-system"

Change-Id: I9b962d3b173fc59685c95901581c4ad0f31aa4b9
This commit is contained in:
Anthony Lin 2018-01-26 18:28:22 +00:00
parent 4bc40c2318
commit 146cf2f9e6
4 changed files with 41 additions and 36 deletions

View File

@ -0,0 +1,18 @@
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dependencies:
- name: helm-toolkit
repository: http://localhost:8879/charts
version: 0.1.0

View File

@ -16,6 +16,22 @@ limitations under the License.
{{- if .Values.manifests.deployment_tiller }} {{- if .Values.manifests.deployment_tiller }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tiller_deploy }}
{{- $serviceAccountName := "tiller-deploy" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: run-tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ .Release.Namespace }}
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
@ -41,6 +57,7 @@ spec:
app: helm app: helm
name: tiller name: tiller
spec: spec:
serviceAccountName: {{ $serviceAccountName }}
containers: containers:
- env: - env:
- name: TILLER_NAMESPACE - name: TILLER_NAMESPACE

View File

@ -1,35 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.rbac }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@ -14,6 +14,9 @@
# namespace: "kube-system" # namespace: "kube-system"
dependencies:
tiller_deploy:
images: images:
tags: tags:
tiller: gcr.io/kubernetes-helm/tiller:v2.7.2 tiller: gcr.io/kubernetes-helm/tiller:v2.7.2
@ -21,6 +24,9 @@ images:
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
deployment: deployment:
# NOTE: CUrrent replica is hard-coded to 1. This is a placeholder variable
# for future usage. Updates will be made to the chart when we know that
# tiller is stable with multiple instances.
replicas: 1 replicas: 1
# The amount of revision tiller is willing to support. 0 means that there is # The amount of revision tiller is willing to support. 0 means that there is
# no limit. # no limit.
@ -29,4 +35,3 @@ deployment:
manifests: manifests:
deployment_tiller: true deployment_tiller: true
service_tiller: true service_tiller: true
rbac: true