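---
# Namespace that hosts one namespace-scoped Tiller (Helm 2) instance.
# NAMESPACE is a placeholder; presumably it is replaced with the real name
# (for example via sed) before this manifest is applied.
kind: Namespace
apiVersion: v1
metadata:
  name: NAMESPACE
  labels:
    # Nested under metadata.labels. Left at column 0, this key would duplicate
    # metadata's `name` and most parsers would silently keep only the last one.
    name: NAMESPACE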
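---
# Identity that Tiller runs as inside the namespace. Its effective rights are
# whatever Roles are bound to it, so review the bindings, not just this object.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: NAMESPACE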
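---
# Namespace-scoped permissions for Tiller.
#
# NOTE(review): every verb on every resource in the core (""), batch,
# extensions and apps API groups. Within this namespace that includes reading
# and writing Secrets. Helm 2 Tiller does not authenticate its gRPC clients
# unless TLS is enabled (helm init --tiller-tls-verify), so anything that can
# reach the Tiller pod effectively holds these rights. Narrow `resources` and
# `verbs` to what the deployed charts actually need where possible.
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served as of
# Kubernetes 1.22; use rbac.authorization.k8s.io/v1 on clusters that serve it.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-manager
  namespace: NAMESPACE
rules:
  - apiGroups: ["", "batch", "extensions", "apps"]
    resources: ["*"]
    verbs: ["*"]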
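---
# Binds the tiller ServiceAccount to the tiller-manager Role. Both sides are
# namespaced, so the grant does not extend beyond NAMESPACE.
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served as of
# Kubernetes 1.22; use rbac.authorization.k8s.io/v1 on clusters that serve it.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-binding
  namespace: NAMESPACE
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: NAMESPACE
roleRef:
  kind: Role
  name: tiller-manager
  apiGroup: rbac.authorization.k8s.io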
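# Install (or reconnect to) a namespace-scoped Tiller in every kubeconfig
# context, for each of the infra/web/backend/monitoring namespaces.
#
# Creating the Role needs more rights than the CI account normally has, so the
# script temporarily binds that account to cluster-admin. The cleanup trap
# below makes sure the binding is removed even if the job is interrupted
# between the create and the delete.
GCP_ACCOUNT=$(gcloud auth list --filter=status:ACTIVE --format="value(account)")
export KUBECONFIG=/circleci/.kube/config.all

# Context that currently holds the temporary cluster-admin binding, if any.
pending_admin_ctx=""

# Remove the temporary cluster-admin binding if one is still outstanding.
cleanup_admin_binding() {
  if [ -n "${pending_admin_ctx}" ]; then
    kubectl --context="${pending_admin_ctx}" delete clusterrolebinding user-admin
    pending_admin_ctx=""
  fi
}
trap cleanup_admin_binding EXIT
# Route signals through the EXIT trap so cleanup also runs on cancel/timeout.
trap 'exit 1' INT TERM

for ctx in $(kubectl config get-contexts -o name); do
  for NS in infra web backend monitoring; do
    # NOTE(review): any `helm ls` failure, including a transient network or
    # auth error, is treated as "Tiller not installed" and takes the install
    # branch (which includes the temporary cluster-admin grant).
    if helm --kube-context="${ctx}" ls --tiller-namespace="${NS}"; then
      helm --kube-context="${ctx}" init --service-account tiller --tiller-namespace "${NS}" --client-only
    else
      # An empty --user would create a meaningless or unintended subject.
      if [ -z "${GCP_ACCOUNT}" ]; then
        echo "no active gcloud account; refusing to create the cluster-admin binding" >&2
        exit 1
      fi

      kubectl --context="${ctx}" apply -f <(sed -e "s/NAMESPACE/${NS}/" k8s/tiller/tiller.yaml)

      # ClusterRoleBindings are cluster-scoped, so no -n flag is passed.
      # The account is cluster-admin on this cluster until the delete below.
      pending_admin_ctx="${ctx}"
      kubectl --context="${ctx}" create clusterrolebinding user-admin --clusterrole=cluster-admin --user="${GCP_ACCOUNT}"
      kubectl --context="${ctx}" apply -f <(sed -e "s/NAMESPACE/${NS}/" k8s/tiller/role-tiller.yaml)
      cleanup_admin_binding

      # NOTE(review): no --tiller-tls* flags are passed, so this Tiller accepts
      # unauthenticated gRPC from anything that can reach it in the cluster.
      helm --kube-context="${ctx}" init --service-account tiller --tiller-namespace "${NS}" --wait
    fi
  done
done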