add option to secure helm tiller with tls

georgejdli
2018-09-06 10:14:18 -05:00
committed by Li, George (gl741q)
parent 7bf09945f2
commit b891d77679
4 changed files with 212 additions and 0 deletions


@@ -10,6 +10,24 @@ helm_deployment_type: host
# Do not download the local repository cache on helm init
helm_skip_refresh: false
# Secure Tiller installation with TLS
tiller_enable_tls: false
helm_config_dir: "{{ kube_config_dir }}/helm"
helm_script_dir: "{{ bin_dir }}/helm-scripts"
# Store tiller release information as Secret instead of a ConfigMap
tiller_secure_release_info: false
# Where private root key will be secured for TLS
helm_tiller_cert_dir: "{{ helm_config_dir }}/ssl"
tiller_tls_cert: "{{ helm_tiller_cert_dir }}/tiller.pem"
tiller_tls_key: "{{ helm_tiller_cert_dir }}/tiller-key.pem"
tiller_tls_ca_cert: "{{ helm_tiller_cert_dir }}/ca.pem"
# Permission owner and group for helm client cert. Will be dependent on the helm_home_dir
helm_cert_group: root
helm_cert_owner: root
# Set URL for stable repository
# helm_stable_repo_url: "https://kubernetes-charts.storage.googleapis.com"
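Review bot: The defaults added under `# Where private root key will be secured for TLS` name the directory holding `tiller-key.pem` and the CA material, and `helm_cert_owner`/`helm_cert_group` set ownership, but nothing here sets a file or directory mode. Whether the private keys end up readable only by their owner therefore depends on tasks outside this hunk. I would add an explicit, quoted mode default beside the owner and group, for example `helm_cert_mode: "0600"` (variable name constructed for illustration), and have the cert tasks use it. Separately, `tiller_enable_tls` and `tiller_secure_release_info` both default to `false`, so Tiller's gRPC endpoint stays unauthenticated and release data stays in ConfigMaps unless the operator opts in. The comment should say so, e.g. `# Secure Tiller installation with TLS. When false, anything that can reach Tiller can issue release operations.`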