kubeasz/roles/helm/templates/helm-rbac.yaml.j2

29 lines
617 B
Plaintext
Raw Normal View History

2018-05-27 11:00:12 +08:00
# 绑定helm sa到 cluster-admin这样可以兼容现有需要集群特权的charts
#
{% if helm_namespace not in current_ns.stdout %}
2018-05-23 13:54:41 +08:00
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ helm_namespace }}
{% endif %}
2018-05-23 13:54:41 +08:00
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ tiller_sa }}
namespace: {{ helm_namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
2018-05-27 11:00:12 +08:00
kind: ClusterRoleBinding
2018-05-23 13:54:41 +08:00
metadata:
2018-05-27 11:00:12 +08:00
name: tiller-cb
2018-05-23 13:54:41 +08:00
roleRef:
apiGroup: rbac.authorization.k8s.io
2018-05-27 11:00:12 +08:00
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: {{ tiller_sa }}
namespace: {{ helm_namespace }}