From 9dedfc1690790d6a06b0fdd0f5c5ded1a8d8beb5 Mon Sep 17 00:00:00 2001
From: Fleur Kelpin
Date: Fri, 21 Sep 2018 15:09:05 +0200
Subject: [PATCH] doc: How to configure helm role
---
molgenis-jenkins/resources/README.md | 6 ++++++
...enkins-default-tiller-user-rolebinding.yaml | 13 +++++++++++++
.../resources/tiller-user-role.yaml | 18 ++++++++++++++++++
3 files changed, 37 insertions(+)
create mode 100644 molgenis-jenkins/resources/README.md
create mode 100644 molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
create mode 100644 molgenis-jenkins/resources/tiller-user-role.yaml
diff --git a/molgenis-jenkins/resources/README.md b/molgenis-jenkins/resources/README.md
new file mode 100644
index 0000000..67bf687
--- /dev/null
+++ b/molgenis-jenkins/resources/README.md
@@ -0,0 +1,6 @@
+To be able to run helm inside a jenkins pod, you'll need to
+* create a role in the namespace where tiller is installed
+* bind that role to the user that jenkins pods run as
+
+This directory contains yaml for these resources.
+See also https://github.com/helm/helm/blob/master/docs/rbac.md
\ No newline at end of file
diff --git a/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
new file mode 100644
index 0000000..04aa1f7
--- /dev/null
+++ b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: tiller-jenkins-binding
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: tiller-user
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: molgenis-jenkins
\ No newline at end of file
diff --git a/molgenis-jenkins/resources/tiller-user-role.yaml b/molgenis-jenkins/resources/tiller-user-role.yaml
new file mode 100644
index 0000000..5555442
--- /dev/null
+++ b/molgenis-jenkins/resources/tiller-user-role.yaml
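Review bot: The subject in jenkins-default-tiller-user-rolebinding.yaml is the `default` ServiceAccount of `molgenis-jenkins`, so every pod in that namespace that does not set its own service account inherits the `tiller-user` role in `kube-system`, which may include build pods running code from unreviewed branches. Port-forward access to Tiller usually carries whatever rights Tiller's own account has, and that is often far more than a build needs (the Tiller setup is not visible here, so confirm). I would bind a dedicated account instead, `name: <jenkins-helm-serviceaccount>` (placeholder), and set that account only on the agents that actually run helm. Separately, `rbac.authorization.k8s.io/v1beta1` can be written as `rbac.authorization.k8s.io/v1`, which has been stable since Kubernetes 1.8; the same applies to tiller-user-role.yaml.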
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: tiller-user
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
\ No newline at end of file
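Review bot: The first rule in tiller-user-role.yaml allows `create` on `pods/portforward` for every pod in `kube-system`, not only the Tiller pod, because an RBAC rule cannot select pods by label and no narrower scope is given. The README says the role belongs in "the namespace where tiller is installed", so running Tiller in a namespace of its own and setting `namespace:` here to match would limit the grant to Tiller alone. If Tiller has to stay in `kube-system`, add a comment above the rule such as `# port-forward applies to all pods in this namespace, not just tiller; keep subjects minimal` so the breadth is visible to whoever extends the binding later.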