commit 4ec4c0232ca1681e96dc0cd0f6e1de32c72e5ea0
author Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Sat Aug 17 15:09:24 2024 +0400
committer Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Sat Aug 17 15:09:24 2024 +0400
tree b43c5f4e56145b66c2cbc4eb20fbc11b84eef105
parent 924c61fd74046934228aa1fd58b88b3156cfdb29

update

charts/env-manager/templates/install.yaml

diff --git a/charts/env-manager/templates/install.yaml b/charts/env-manager/templates/install.yaml
new file mode 100644
index 0000000..dd14caf
--- /dev/null
+++ b/charts/env-manager/templates/install.yaml
@@ -0,0 +1,94 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.clusterRoleName }}
+rules: # TODO(gio): restrict to ns create and dnszone get
+- apiGroups:
+  - "*"
+  resources:
+  - "*"
+  verbs:
+  - "*"
+# - apiGroups:
+#   - ""
+#   resources:
+#   - namespaces
+#   verbs:
+#   - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Values.clusterRoleName }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.clusterRoleName }}
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-key
+type: Opaque
+data:
+  private: {{ .Values.sshPrivateKey }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: env-manager
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    metallb.universe.tf/address-pool: local
+spec:
+  type: LoadBalancer
+  selector:
+    app: env-manager
+  ports:
+  - name: http
+    port: 80
+    targetPort: http
+    protocol: TCP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: env-manager
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: env-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: env-manager
+    spec:
+      volumes:
+      - name: ssh-key
+        secret:
+          secretName: ssh-key
+      containers:
+      - name: env-manager
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        command:
+        - pcloud-installer
+        - envmanager
+        - --repo-addr={{ .Values.repoIP }}:{{ .Values.repoPort }}
+        - --repo-name={{ .Values.repoName }}
+        - --ssh-key=/pcloud/ssh-key/private
+        - --port=8080
+        volumeMounts:
+        - name: ssh-key
+          readOnly: true
+          mountPath: /pcloud/ssh-key