commit b22550e5845ee95e913a7f1d6b9e6386c3d44ecb
author giolekva <giolekva@gmail.com> Tue May 12 22:09:03 2020 +0400
committer giolekva <giolekva@gmail.com> Tue May 12 22:09:03 2020 +0400
tree 3a29222624ab12efbc6d30ce99089ef74f96abc3
parent 70e385dc12736d64f1b66f9fba4f85ff118f30c1

app-manager: install.yaml with role bindings

appmanager/install.yaml

diff --git a/appmanager/install.yaml b/appmanager/install.yaml
new file mode 100644
index 0000000..103fda5
--- /dev/null
+++ b/appmanager/install.yaml
@@ -0,0 +1,95 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pcloud-app-manager
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: app-manager
+  namespace: pcloud-app-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: deploy-apps
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces", "services", "pods", "secrets"]
+    verbs: ["*"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "statefulsets"]
+    verbs: ["*"]
+  - apiGroups: ["traefik.containo.us"]
+    resources: ["ingressroutes"]
+    verbs: ["*"] 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: deploy-apps-to-sa
+subjects:
+  - kind: ServiceAccount
+    name: app-manager
+    namespace: pcloud-app-manager
+roleRef:
+  kind: ClusterRole
+  name: deploy-apps
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Service 
+apiVersion: v1
+metadata:
+  name: app-manager
+  namespace: pcloud-app-manager
+spec:
+  type: ClusterIP
+  selector:
+    app: app-manager
+  ports:
+    - nodePort: 
+      port: 80
+      targetPort: 1234
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ingress
+  namespace: pcloud-app-manager
+spec:
+  entryPoints:
+    - web
+  routes:
+  - kind: Rule
+    match: PathPrefix(`/app-manager`)
+    services:
+    - kind: Service
+      name: app-manager
+      namespace: pcloud-app-manager
+      passHostHeader: true
+      port: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app-manager
+  namespace: pcloud-app-manager
+spec:
+  selector:
+    matchLabels:
+      app: app-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: app-manager
+    spec:
+      serviceAccountName: app-manager
+      containers:
+      - name: app-manager
+        image: giolekva/pcloud-app-manager:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 1234
+        command: ["app-manager", "--logtostderr", "--port=1234", "--api_addr=http://api.pcloud.svc:1111/add_schema", "--helm_bin=/usr/bin/helm"]