# File 'manifests/account_config.pp', line 2
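# @summary Creates the Tiller service account and its RBAC objects with kubectl.
#
# Manifests are rendered from EPP templates into /etc/kubernetes and applied
# with `kubectl apply`. The RBAC scope follows the number of namespaces given:
# a single namespace applies tiller-clusterrole.yaml without a namespace flag,
# several namespaces apply one role and binding per namespace.
#
# NOTE(review): the EPP templates are not visible from this class, so what the
# rendered role and cluster role actually grant has to be confirmed against
# them before relying on either mode for least privilege.
#
# @param env
#   Environment entries passed to every exec in this class.
# @param path
#   Command search path for every exec in this class.
# @param service_account
#   Service account name handed to the templates and used by the
#   `kubectl get serviceaccount` guard. It is interpolated unquoted into the
#   command line, so keep it to a valid Kubernetes name.
# @param tiller_namespaces
#   Namespaces that receive a Tiller service account. Must not be empty. Each
#   entry is interpolated unquoted into kubectl command lines and file paths,
#   so keep entries to valid Kubernetes namespace names.
class helm::account_config (
  Array $env                       = $helm::env,
  Array $path                      = $helm::path,
  String $service_account          = $helm::service_account,
  Array[String] $tiller_namespaces = $helm::tiller_namespaces,
) {
  # With no namespace the service-account loop does nothing and the
  # cluster-role template would be given $tiller_namespaces[0], which is undef
  # for an empty array. Stop at compile time with a clear message instead.
  if count($tiller_namespaces) == 0 {
    fail('helm::account_config: tiller_namespaces must contain at least one namespace')
  }

  # One namespace selects the cluster-wide objects, more than one selects
  # namespaced roles and bindings.
  $_global_tiller = count($tiller_namespaces) <= 1

  # Defaults for every exec below; relative manifest names in the commands are
  # resolved against this working directory.
  Exec {
    cwd         => '/etc/kubernetes',
    environment => $env,
    logoutput   => true,
    path        => $path,
  }

  file { '/etc/kubernetes/tiller-serviceaccount.yaml':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp('helm/tiller-serviceaccount.yaml.epp', {
      'service_account' => $service_account,
    }),
  }

  $tiller_namespaces.each |$ns| {
    # The guard only tests that the service account exists. An existing
    # account with this name is left untouched, and later changes to the
    # rendered manifest are not re-applied.
    exec { "create ${ns} tiller service account":
      command => "kubectl apply -n ${ns} -f tiller-serviceaccount.yaml",
      unless  => "kubectl get serviceaccount ${service_account} -n ${ns}",
      require => File['/etc/kubernetes/tiller-serviceaccount.yaml'],
    }
  }

  if $_global_tiller {
    # Least-privilege note: this branch is selected implicitly by passing a
    # single namespace. Nothing in this class removes 'tiller-cluster-rule'
    # when it is later applied with several namespaces, so a cluster-wide
    # binding created here stays in place until it is deleted by other means.
    file { '/etc/kubernetes/tiller-clusterrole.yaml':
      ensure  => 'file',
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => epp('helm/tiller-clusterrole.yaml.epp', {
        'namespace'       => $tiller_namespaces[0],
        'service_account' => $service_account,
      }),
    }

    # The guard checks a fixed binding name for existence only; it does not
    # compare the live binding with the rendered manifest.
    # NOTE(review): presumably the template names its binding
    # 'tiller-cluster-rule' - confirm, otherwise the apply runs on every pass.
    exec { 'create cluster role':
      command => 'kubectl apply -f tiller-clusterrole.yaml',
      unless  => 'kubectl get clusterrolebinding tiller-cluster-rule',
      require => File['/etc/kubernetes/tiller-clusterrole.yaml'],
    }
  } else {
    $tiller_namespaces.each |$ns| {
      file { "/etc/kubernetes/tiller-${ns}-role.yaml":
        ensure  => 'file',
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => epp('helm/tiller-role.yaml.epp', {
          'namespace'       => $ns,
          'service_account' => $service_account,
        }),
      }

      # Existence-only guard on the rolebinding name 'tiller-binding' in this
      # namespace; drift inside an existing binding is not corrected.
      exec { "create ${ns} tiller role and binding":
        command => "kubectl apply -f tiller-${ns}-role.yaml",
        unless  => "kubectl get rolebinding tiller-binding -n ${ns}",
        require => File["/etc/kubernetes/tiller-${ns}-role.yaml"],
      }
    }
  }
}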