dns-zone-controller: with env-manager generating dnssec key and zone records
diff --git a/core/ns-controller/config/manager/controller_manager_config.yaml b/core/ns-controller/config/manager/controller_manager_config.yaml
new file mode 100644
index 0000000..875dc1b
--- /dev/null
+++ b/core/ns-controller/config/manager/controller_manager_config.yaml
@@ -0,0 +1,21 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+ healthProbeBindAddress: :8081
+metrics:
+ bindAddress: 127.0.0.1:8080
+webhook:
+ port: 9443
+leaderElection:
+ leaderElect: true
+ resourceName: c1db6143.dodo.cloud
+# leaderElectionReleaseOnCancel defines if the leader should step down volume
+# when the Manager ends. This requires the binary to immediately end when the
+# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+# speeds up voluntary leader transitions as the new leader don't have to wait
+# LeaseDuration time first.
+# In the default scaffold provided, the program ends immediately after
+# the manager stops, so would be fine to enable this option. However,
+# if you are doing or is intended to do any operation such as perform cleanups
+# after the manager stops then its usage might be unsafe.
+# leaderElectionReleaseOnCancel: true
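Review bot: Nothing visible in this commit loads this file: `manager.yaml` starts `/manager` with only `--leader-elect` and mounts no volume for the `manager-config` ConfigMap that `kustomization.yaml` generates from it. If that holds at runtime, `metrics.bindAddress: 127.0.0.1:8080` and the other values here are not applied, and the process binds whatever its flag defaults are, which may expose metrics on all interfaces. Either mount the ConfigMap and point the binary at it, or drop the file and set the equivalent flags in `args` so the intended loopback binding is explicit. The comment on `leaderElectionReleaseOnCancel` should also read `step down voluntarily`, not `step down volume`.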
diff --git a/core/ns-controller/config/manager/kustomization.yaml b/core/ns-controller/config/manager/kustomization.yaml
new file mode 100644
index 0000000..356255a
--- /dev/null
+++ b/core/ns-controller/config/manager/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- manager.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- files:
+ - controller_manager_config.yaml
+ name: manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: giolekva/dns-ns-controller
+ newTag: latest
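Review bot: The `images` override pins the controller to the mutable tag `latest` (`newTag: latest`), so what runs in the cluster can change without any change to this repository, and a rollback cannot name a known build. Prefer an immutable reference, for example `newTag: <release-tag>` or `digest: sha256:<image-digest>` (placeholders, to be filled in by the release process). Pinning also lets the deployed image be matched against a scan result or signature for that exact build.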
diff --git a/core/ns-controller/config/manager/manager.yaml b/core/ns-controller/config/manager/manager.yaml
new file mode 100644
index 0000000..878ad48
--- /dev/null
+++ b/core/ns-controller/config/manager/manager.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ # TODO(user): For common cases that do not require escalating privileges
+ # it is recommended to ensure that all your Pods/Containers are restrictive.
+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+ # seccompProfile:
+ # type: RuntimeDefault
+ containers:
+ - command:
+ - /manager
+ args:
+ - --leader-elect
+ image: controller:latest
+ name: manager
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ # TODO(user): Configure the resources accordingly based on the project requirements.
+ # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
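Review bot: The pod-level `securityContext` sets only `runAsNonRoot: true`. The `seccompProfile` block is left commented out, so the pod runs with whatever seccomp default the runtime applies and does not meet the restricted Pod Security Standard that the TODO links to. Unless clusters older than 1.19 must be supported, uncomment `seccompProfile:` / `type: RuntimeDefault`. Consider also adding `readOnlyRootFilesystem: true` to the container `securityContext`, if the manager writes nothing to its root filesystem. The container already sets `allowPrivilegeEscalation: false` and drops `ALL` capabilities, so these are the remaining gaps.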