Code Review / iec.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Re-org the IEC repo to adapt to actual deployment
[iec.git] / src / foundation / scripts / helm.sh
diff --git a/src/foundation/scripts/helm.sh b/src/foundation/scripts/helm.sh
new file mode 100755 (executable)
index 0000000..3f575d2
--- /dev/null
+++ b/src/foundation/scripts/helm.sh
@@ -0,0 +1,44 @@
+#!/bin/bash -ex
+
+VERSION='v2.12.3'
+TILLER_SA_RBAC=~/tiller-rbac.yaml
+if [ "$(uname -m)" == 'aarch64' ]; then
+  FLAVOR='linux-arm64'
+else
+  FLAVOR='linux-amd64'
+fi
+
+URI_ROOT='https://storage.googleapis.com/kubernetes-helm'
+TGZ_NAME="helm-${VERSION}-${FLAVOR}.tar.gz"
+
+if [ ! -e /usr/bin/helm ] || [ ! -e /usr/bin/tiller ]; then
+  wget -O "/tmp/${TGZ_NAME}" "${URI_ROOT}/${TGZ_NAME}"
+  sudo tar xpPf "/tmp/${TGZ_NAME}" --overwrite \
+    --transform "s|${FLAVOR}|/usr/bin|" "${FLAVOR}/"{helm,tiller}
+  rm -f "/tmp/${TGZ_NAME}"
+fi
+
+if ! kubectl get serviceaccounts --namespace=kube-system | grep -q tiller; then
+  cat <<EOF > "${TILLER_SA_RBAC}"
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system
+EOF
+  kubectl create -f "${TILLER_SA_RBAC}"
+  helm init --service-account tiller --tiller-image="jessestuart/tiller:${VERSION}"
+fi