Add option to change the Tiller Deployment namespace.

roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml

@@ -1,14 +0,0 @@
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: tiller
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: tiller
-    namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io

roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml.j2

@@ -0,0 +1,29 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: tiller
+  namespace: {{ tiller_namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: {{ tiller_namespace }}
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+{% if podsecuritypolicy_enabled %}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: psp:tiller
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: {{ tiller_namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: psp:privileged
+{% endif %}

roles/kubernetes-apps/helm/templates/tiller-namespace.yml.j2

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "{{ tiller_namespace}}"

roles/kubernetes-apps/helm/templates/tiller-sa.yml.j2

@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tiller
-  namespace: kube-system
+  namespace: {{ tiller_namespace }}
   labels:
     kubernetes.io/cluster-service: "true"