# Namespace-scoped Tiller (the Helm v2 server component) for the "jayme"
# namespace. Five documents: the Namespace, Tiller's ServiceAccount, two
# RoleBindings and the Tiller Deployment.
---
apiVersion: v1
kind: Namespace
metadata:
  name: jayme
  annotations:
    # Asks for default-deny ingress isolation on the namespace.
    # NOTE(review): this is the annotation form used by the beta NetworkPolicy
    # API. Network plugins that only implement networking.k8s.io/v1 are not
    # expected to honour it; confirm it is enforced on this cluster, or that a
    # default-deny NetworkPolicy object exists elsewhere, because nothing else
    # in this file restricts who can reach Tiller's ports.
    net.beta.kubernetes.io/network-policy: '{"ingress":{"isolation":"DefaultDeny"}}'
---
# Identity the Tiller pod runs as (referenced by the Deployment below).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: jayme
---
# Grants the rules of ClusterRole "tiller" to the tiller service account.
# Because this is a RoleBinding (not a ClusterRoleBinding), those rules apply
# inside namespace "jayme" only.
# NOTE(review): the ClusterRole's rules are not part of this file; whatever it
# allows is what any client able to talk to Tiller can do in this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tiller
  namespace: jayme
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: jayme
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tiller
---
# Binds ClusterRole "allow-restricted-psp" to the group containing every
# service account in namespace "jayme".
# NOTE(review): presumably this authorises use of a restricted
# PodSecurityPolicy; the ClusterRole is defined elsewhere, so confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: allow-restricted-psp
  namespace: jayme
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: 'system:serviceaccounts:jayme'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: allow-restricted-psp
---
# Single-replica Tiller Deployment.
# NOTE(review): Helm v2 / Tiller is end-of-life upstream, so this image no
# longer receives upstream security fixes; track migration to Helm v3.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tiller
  namespace: jayme
spec:
  replicas: 1
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: helm
      name: tiller
  strategy:
    type: RollingUpdate
    # With one replica, maxUnavailable: 1 lets a rollout take Tiller down
    # briefly before the replacement pod is ready.
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: helm
        name: tiller
    spec:
      # Both spellings are set to the same account; serviceAccount is the
      # deprecated alias of serviceAccountName.
      serviceAccountName: tiller
      serviceAccount: tiller
      schedulerName: default-scheduler
      restartPolicy: Always
      dnsPolicy: ClusterFirst
      terminationGracePeriodSeconds: 30
      containers:
        # NOTE(review): the container sets no securityContext and no resource
        # requests/limits. Admission policy (e.g. the restricted PSP bound
        # above) may impose some of this; confirm rather than rely on it.
        # NOTE(review): no TLS settings or certificate volume appear in this
        # pod spec, so the gRPC port (44134) is presumably served without
        # transport security or client authentication. If so, namespace
        # ingress isolation is the main control protecting it; confirm.
        - name: tiller
          # NOTE(review): the image is referenced by tag only, and
          # IfNotPresent reuses whatever a node already has cached under that
          # tag. Pinning by digest would make the deployed content verifiable.
          image: docker-registry.discovery.wmnet/tiller:2.16.7-3
          imagePullPolicy: IfNotPresent
          env:
            # Namespace Tiller operates in; matches the RoleBinding scope.
            - name: TILLER_NAMESPACE
              value: jayme
            # 0 means no limit on stored revisions per release (Helm 2).
            - name: TILLER_HISTORY_MAX
              value: "0"
            # Explicit API server endpoint, overriding the values normally
            # injected into the pod. Presumably so the API server is reached
            # by DNS name; confirm.
            - name: KUBERNETES_SERVICE_HOST
              value: kubernetes.default.svc.cluster.local
            - name: KUBERNETES_SERVICE_PORT
              value: "443"
          ports:
            # Tiller gRPC API.
            - name: tiller
              containerPort: 44134
              protocol: TCP
            # Plain-HTTP port used by the probes below.
            - name: http
              containerPort: 44135
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              port: 44135
              path: /liveness
            initialDelaySeconds: 1
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              scheme: HTTP
              port: 44135
              path: /readiness
            initialDelaySeconds: 1
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3