Merge "Replace deprecatedPublicIPs with externalIPs for Heapster."
diff --git a/kubernetes/files/kube-addons/helm/helm-role.yml b/kubernetes/files/kube-addons/helm/helm-role.yml
new file mode 100644
index 0000000..455a482
--- /dev/null
+++ b/kubernetes/files/kube-addons/helm/helm-role.yml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system
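Review bot: The `roleRef` with `name: cluster-admin` gives the `tiller` service account unrestricted rights over every namespace, so any client that can reach Tiller, or any workload that can read this service account's token in `kube-system`, effectively holds cluster-admin. Prefer binding to a purpose-built ClusterRole, or to per-namespace Role/RoleBinding objects, limited to the resources the charts actually manage. If the broad grant is deliberate, record it in the file with a comment above `roleRef`, for example `# Tiller installs arbitrary charts; cluster-admin is intentional, keep access to the tiller Service restricted`. Separately, where the target clusters serve it, `apiVersion: rbac.authorization.k8s.io/v1` is the stable form of the beta API used here.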
diff --git a/kubernetes/files/kube-addons/helm/helm-serviceaccount.yml b/kubernetes/files/kube-addons/helm/helm-serviceaccount.yml
new file mode 100644
index 0000000..caa22ff
--- /dev/null
+++ b/kubernetes/files/kube-addons/helm/helm-serviceaccount.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+  name: tiller
+  namespace: kube-system
diff --git a/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml b/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml
index 4c87aa8..cfbb823 100644
--- a/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml
+++ b/kubernetes/files/kube-addons/helm/helm-tiller-deploy.yml
@@ -1,4 +1,5 @@
 {%- from "kubernetes/map.jinja" import common with context -%}
+{%- from "kubernetes/map.jinja" import master with context -%}
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@@ -21,6 +22,9 @@
         app: helm
         name: tiller
     spec:
+      {%- if 'RBAC' in master.auth.get('mode', "") %}
+      serviceAccountName: tiller
+      {%- endif %}
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule
diff --git a/kubernetes/master/kube-addons.sls b/kubernetes/master/kube-addons.sls
index 3682b43..a6773df 100644
--- a/kubernetes/master/kube-addons.sls
+++ b/kubernetes/master/kube-addons.sls
@@ -60,6 +60,26 @@
     - dir_mode: 755
     - makedirs: True
 
+{%- if 'RBAC' in master.auth.get('mode', "") %}
+
+/etc/kubernetes/addons/helm/helm-role.yml:
+  file.managed:
+    - source: salt://kubernetes/files/kube-addons/helm/helm-role.yml
+    - template: jinja
+    - group: root
+    - dir_mode: 755
+    - makedirs: True
+
+/etc/kubernetes/addons/helm/helm-serviceaccount.yml:
+  file.managed:
+    - source: salt://kubernetes/files/kube-addons/helm/helm-serviceaccount.yml
+    - template: jinja
+    - group: root
+    - dir_mode: 755
+    - makedirs: True
+
+{%- endif %}
+
 {% endif %}
 
 {%- if common.addons.storageclass is defined %}
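Review bot: The added `{%- if 'RBAC' in master.auth.get('mode', "") %}` block has no branch that removes the two manifests, so a master once rendered with RBAC keeps `helm-role.yml` and `helm-serviceaccount.yml` on disk after the mode changes. Because both carry the `Reconcile` label, the cluster-admin binding would presumably keep being applied from the addons directory. An `{%- else %}` branch with `file.absent` for both paths would make the grant follow the pillar setting. Both states also pass `template: jinja` although neither new file contains template syntax, so that line can be dropped. The outer `{% if %}` closed by the trailing `{% endif %}` opens outside this hunk.

```yaml
{%- if 'RBAC' in master.auth.get('mode', "") %}
{#- … unchanged: the two file.managed states for helm-role.yml and helm-serviceaccount.yml … #}
{%- else %}

/etc/kubernetes/addons/helm/helm-role.yml:
  file.absent

/etc/kubernetes/addons/helm/helm-serviceaccount.yml:
  file.absent

{%- endif %}
```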