From 9dedfc1690790d6a06b0fdd0f5c5ded1a8d8beb5 Mon Sep 17 00:00:00 2001
From: Fleur Kelpin <f.kelpin@umcg.nl>
Date: Fri, 21 Sep 2018 15:09:05 +0200
Subject: [PATCH] doc: How to configure helm role

---
 molgenis-jenkins/resources/README.md           |  6 ++++++
 ...enkins-default-tiller-user-rolebinding.yaml | 13 +++++++++++++
 .../resources/tiller-user-role.yaml            | 18 ++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 molgenis-jenkins/resources/README.md
 create mode 100644 molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
 create mode 100644 molgenis-jenkins/resources/tiller-user-role.yaml

diff --git a/molgenis-jenkins/resources/README.md b/molgenis-jenkins/resources/README.md
new file mode 100644
index 0000000..67bf687
--- /dev/null
+++ b/molgenis-jenkins/resources/README.md
@@ -0,0 +1,6 @@
+To be able to run helm inside a jenkins pod, you'll need to 
+* create a role in the namespace where tiller is installed
+* bind that role to the user that jenkins pods run as
+
+This directory contains yaml for these resources.
+See also https://github.com/helm/helm/blob/master/docs/rbac.md
\ No newline at end of file
diff --git a/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
new file mode 100644
index 0000000..04aa1f7
--- /dev/null
+++ b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: tiller-jenkins-binding
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tiller-user
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: molgenis-jenkins
\ No newline at end of file
diff --git a/molgenis-jenkins/resources/tiller-user-role.yaml b/molgenis-jenkins/resources/tiller-user-role.yaml
new file mode 100644
index 0000000..5555442
--- /dev/null
+++ b/molgenis-jenkins/resources/tiller-user-role.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: tiller-user
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - list
\ No newline at end of file