Merge pull request #3784 from jkoleszar/tiller-rbac

Fix tiller deployment on RBAC clusters

Merge pull request #3784 from jkoleszar/tiller-rbac
Fix tiller deployment on RBAC clusters
3ba2a009 · Taylor Thomas · GitHub · 9654c616 · 1e03f1bc · 3ba2a009
Unverified Commit 3ba2a009 authored Apr 03, 2018 by Taylor Thomas Committed by GitHub Apr 03, 2018
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

install.go cmd/helm/installer/install.go +2 -0

install_test.go cmd/helm/installer/install_test.go +3 -0

No files found.
--- a/cmd/helm/installer/install.go
+++ b/cmd/helm/installer/install.go
@@ -176,6 +176,7 @@ func generateDeployment(opts *Options) (*v1beta1.Deployment, error) {
 			return nil, err
 		}
 	}
+	automountServiceAccountToken := opts.ServiceAccount != ""
 	d := &v1beta1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: opts.Namespace,
@@ -190,6 +191,7 @@ func generateDeployment(opts *Options) (*v1beta1.Deployment, error) {
 				},
 				Spec: v1.PodSpec{
 					ServiceAccountName:           opts.ServiceAccount,
+					AutomountServiceAccountToken: &automountServiceAccountToken,
 					Containers: []v1.Container{
 						{
 							Name:            "tiller",

--- a/cmd/helm/installer/install_test.go
+++ b/cmd/helm/installer/install_test.go
@@ -96,6 +96,9 @@ func TestDeploymentManifestForServiceAccount(t *testing.T) {
 		if got := d.Spec.Template.Spec.ServiceAccountName; got != tt.serviceAccount {
 			t.Errorf("%s: expected service account value %q, got %q", tt.name, tt.serviceAccount, got)
 		}
+		if got := *d.Spec.Template.Spec.AutomountServiceAccountToken; got != (tt.serviceAccount != "") {
+			t.Errorf("%s: unexpected automountServiceAccountToken = %t for serviceAccount %q", tt.name, got, tt.serviceAccount)
+		}
 	}
 }