apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile --- apiVersion: {{GetRBACAPIVersion}} kind: ClusterRoleBinding metadata: name: tiller labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: app: helm name: tiller kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile name: tiller-deploy namespace: kube-system spec: ports: - name: tiller port: 44134 targetPort: tiller selector: app: helm name: tiller type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: helm name: tiller kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile name: tiller-deploy namespace: kube-system spec: selector: matchLabels: app: helm name: tiller template: metadata: labels: app: helm name: tiller spec: serviceAccountName: tiller containers: - env: - name: TILLER_NAMESPACE value: kube-system - name: TILLER_HISTORY_MAX value: "{{ContainerConfig "max-history"}}" image: {{ContainerImage "tiller"}} imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /liveness port: 44135 initialDelaySeconds: 1 timeoutSeconds: 1 name: tiller ports: - containerPort: 44134 name: tiller readinessProbe: httpGet: path: /readiness port: 44135 initialDelaySeconds: 1 timeoutSeconds: 1 resources: requests: cpu: {{ContainerCPUReqs "tiller"}} memory: {{ContainerMemReqs "tiller"}} limits: cpu: {{ContainerCPULimits "tiller"}} memory: {{ContainerMemLimits "tiller"}} nodeSelector: kubernetes.io/os: linux