charts/headscale-controller/templates/install.yaml - pcloud - Gitiles

 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.9.2
   creationTimestamp: null
   name: headscaleusers.headscale.dodo.cloud
 spec:
   group: headscale.dodo.cloud
   names:
     kind: HeadscaleUser
     listKind: HeadscaleUserList
     plural: headscaleusers
     singular: headscaleuser
   scope: Namespaced
   versions:
   - name: v1
     schema:
       openAPIV3Schema:
         description: HeadscaleUser is the Schema for the headscaleusers API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
             description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
           spec:
             description: HeadscaleUserSpec defines the desired state of HeadscaleUser
             properties:
               name:
                 type: string
               preAuthKey:
                 properties:
                   enabled:
                     type: boolean
                   secretName:
                     type: string
                 type: object
             type: object
           status:
             description: HeadscaleUserStatus defines the observed state of HeadscaleUser
             properties:
               ready:
                 type: boolean
             type: object
         type: object
     served: true
     storage: true
     subresources:
       status: {}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: controller-controller-manager
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: controller-leader-election-role
   namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups:
   - ""
   resources:
   - configmaps
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - ""
   resources:
   - events
   verbs:
   - create
   - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
   name: controller-manager-role
 rules:
 - apiGroups:
   - ""
   resources:
   - secrets
   verbs:
   - create
   - delete
   - get
   - list
   - patch
   - update
   - watch
 - apiGroups:
   - headscale.dodo.cloud
   resources:
   - headscaleusers
   verbs:
   - create
   - delete
   - get
   - list
   - patch
   - update
   - watch
 - apiGroups:
   - headscale.dodo.cloud
   resources:
   - headscaleusers/finalizers
   verbs:
   - update
 - apiGroups:
   - headscale.dodo.cloud
   resources:
   - headscaleusers/status
   verbs:
   - get
   - patch
   - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: controller-metrics-reader
 rules:
 - nonResourceURLs:
   - /metrics
   verbs:
   - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: controller-proxy-role
 rules:
 - apiGroups:
   - authentication.k8s.io
   resources:
   - tokenreviews
   verbs:
   - create
 - apiGroups:
   - authorization.k8s.io
   resources:
   - subjectaccessreviews
   verbs:
   - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: controller-leader-election-rolebinding
   namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: controller-leader-election-role
 subjects:
 - kind: ServiceAccount
   name: controller-controller-manager
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: controller-manager-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: controller-manager-role
 subjects:
 - kind: ServiceAccount
   name: controller-controller-manager
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: controller-proxy-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: controller-proxy-role
 subjects:
 - kind: ServiceAccount
   name: controller-controller-manager
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 data:
   controller_manager_config.yaml: |
     apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
     kind: ControllerManagerConfig
     health:
       healthProbeBindAddress: :8081
     metrics:
       bindAddress: 127.0.0.1:8080
     webhook:
       port: 9443
     leaderElection:
       leaderElect: true
       resourceName: 798a733c.dodo.cloud
     # leaderElectionReleaseOnCancel defines if the leader should step down volume
     # when the Manager ends. This requires the binary to immediately end when the
     # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
     # speeds up voluntary leader transitions as the new leader don't have to wait
     # LeaseDuration time first.
     # In the default scaffold provided, the program ends immediately after
     # the manager stops, so would be fine to enable this option. However,
     # if you are doing or is intended to do any operation such as perform cleanups
     # after the manager stops then its usage might be unsafe.
     # leaderElectionReleaseOnCancel: true
 kind: ConfigMap
 metadata:
   name: controller-manager-config
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   labels:
     control-plane: controller-manager
   name: controller-controller-manager-metrics-service
   namespace: {{ .Release.Namespace }}
 spec:
   ports:
   - name: https
     port: 8443
     protocol: TCP
     targetPort: https
   selector:
     control-plane: controller-manager
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     control-plane: controller-manager
   name: controller-controller-manager
   namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:
     matchLabels:
       control-plane: controller-manager
   template:
     metadata:
       annotations:
         kubectl.kubernetes.io/default-container: manager
       labels:
         control-plane: controller-manager
     spec:
       containers:
       - args:
         - --secure-listen-address=0.0.0.0:8443
         - --upstream=http://127.0.0.1:8080/
         - --logtostderr=true
         - --v=0
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
         name: kube-rbac-proxy
         ports:
         - containerPort: 8443
           name: https
           protocol: TCP
         resources:
           limits:
             cpu: 500m
             memory: 128Mi
           requests:
             cpu: 5m
             memory: 64Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
             - ALL
       - args:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=127.0.0.1:8080
         - --leader-elect
         command:
         - /manager
         image: giolekva/headscale-controller:latest
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
             path: /healthz
             port: 8081
           initialDelaySeconds: 15
           periodSeconds: 20
         name: manager
         readinessProbe:
           httpGet:
             path: /readyz
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
         resources:
           limits:
             cpu: 500m
             memory: 128Mi
           requests:
             cpu: 10m
             memory: 64Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
             - ALL
       securityContext:
         runAsNonRoot: true
       serviceAccountName: controller-controller-manager
       terminationGracePeriodSeconds: 10
	apiVersion: apiextensions.k8s.io/v1
	kind: CustomResourceDefinition
	metadata:
	annotations:
	controller-gen.kubebuilder.io/version: v0.9.2
	creationTimestamp: null
	name: headscaleusers.headscale.dodo.cloud
	spec:
	group: headscale.dodo.cloud
	names:
	kind: HeadscaleUser
	listKind: HeadscaleUserList
	plural: headscaleusers
	singular: headscaleuser
	scope: Namespaced
	versions:
	- name: v1
	schema:
	openAPIV3Schema:
	description: HeadscaleUser is the Schema for the headscaleusers API
	properties:
	apiVersion:
	description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
	type: string
	kind:
	description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
	type: string
	metadata:
	type: object
	spec:
	description: HeadscaleUserSpec defines the desired state of HeadscaleUser
	properties:
	name:
	type: string
	preAuthKey:
	properties:
	enabled:
	type: boolean
	secretName:
	type: string
	type: object
	type: object
	status:
	description: HeadscaleUserStatus defines the observed state of HeadscaleUser
	properties:
	ready:
	type: boolean
	type: object
	type: object
	served: true
	storage: true
	subresources:
	status: {}
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: controller-controller-manager
	namespace: {{ .Release.Namespace }}
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: controller-leader-election-role
	namespace: {{ .Release.Namespace }}
	rules:
	- apiGroups:
	- ""
	resources:
	- configmaps
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- coordination.k8s.io
	resources:
	- leases
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- ""
	resources:
	- events
	verbs:
	- create
	- patch
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	creationTimestamp: null
	name: controller-manager-role
	rules:
	- apiGroups:
	- ""
	resources:
	- secrets
	verbs:
	- create
	- delete
	- get
	- list
	- patch
	- update
	- watch
	- apiGroups:
	- headscale.dodo.cloud
	resources:
	- headscaleusers
	verbs:
	- create
	- delete
	- get
	- list
	- patch
	- update
	- watch
	- apiGroups:
	- headscale.dodo.cloud
	resources:
	- headscaleusers/finalizers
	verbs:
	- update
	- apiGroups:
	- headscale.dodo.cloud
	resources:
	- headscaleusers/status
	verbs:
	- get
	- patch
	- update
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: controller-metrics-reader
	rules:
	- nonResourceURLs:
	- /metrics
	verbs:
	- get
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: controller-proxy-role
	rules:
	- apiGroups:
	- authentication.k8s.io
	resources:
	- tokenreviews
	verbs:
	- create
	- apiGroups:
	- authorization.k8s.io
	resources:
	- subjectaccessreviews
	verbs:
	- create
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: controller-leader-election-rolebinding
	namespace: {{ .Release.Namespace }}
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: controller-leader-election-role
	subjects:
	- kind: ServiceAccount
	name: controller-controller-manager
	namespace: {{ .Release.Namespace }}
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: controller-manager-rolebinding
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: controller-manager-role
	subjects:
	- kind: ServiceAccount
	name: controller-controller-manager
	namespace: {{ .Release.Namespace }}
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: controller-proxy-rolebinding
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: controller-proxy-role
	subjects:
	- kind: ServiceAccount
	name: controller-controller-manager
	namespace: {{ .Release.Namespace }}
	---
	apiVersion: v1
	data:
	controller_manager_config.yaml: \|
	apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
	kind: ControllerManagerConfig
	health:
	healthProbeBindAddress: :8081
	metrics:
	bindAddress: 127.0.0.1:8080
	webhook:
	port: 9443
	leaderElection:
	leaderElect: true
	resourceName: 798a733c.dodo.cloud
	# leaderElectionReleaseOnCancel defines if the leader should step down volume
	# when the Manager ends. This requires the binary to immediately end when the
	# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
	# speeds up voluntary leader transitions as the new leader don't have to wait
	# LeaseDuration time first.
	# In the default scaffold provided, the program ends immediately after
	# the manager stops, so would be fine to enable this option. However,
	# if you are doing or is intended to do any operation such as perform cleanups
	# after the manager stops then its usage might be unsafe.
	# leaderElectionReleaseOnCancel: true
	kind: ConfigMap
	metadata:
	name: controller-manager-config
	namespace: {{ .Release.Namespace }}
	---
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	control-plane: controller-manager
	name: controller-controller-manager-metrics-service
	namespace: {{ .Release.Namespace }}
	spec:
	ports:
	- name: https
	port: 8443
	protocol: TCP
	targetPort: https
	selector:
	control-plane: controller-manager
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	control-plane: controller-manager
	name: controller-controller-manager
	namespace: {{ .Release.Namespace }}
	spec:
	replicas: 1
	selector:
	matchLabels:
	control-plane: controller-manager
	template:
	metadata:
	annotations:
	kubectl.kubernetes.io/default-container: manager
	labels:
	control-plane: controller-manager
	spec:
	containers:
	- args:
	- --secure-listen-address=0.0.0.0:8443
	- --upstream=http://127.0.0.1:8080/
	- --logtostderr=true
	- --v=0
	image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
	name: kube-rbac-proxy
	ports:
	- containerPort: 8443
	name: https
	protocol: TCP
	resources:
	limits:
	cpu: 500m
	memory: 128Mi
	requests:
	cpu: 5m
	memory: 64Mi
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	- args:
	- --health-probe-bind-address=:8081
	- --metrics-bind-address=127.0.0.1:8080
	- --leader-elect
	command:
	- /manager
	image: giolekva/headscale-controller:latest
	imagePullPolicy: Always
	livenessProbe:
	httpGet:
	path: /healthz
	port: 8081
	initialDelaySeconds: 15
	periodSeconds: 20
	name: manager
	readinessProbe:
	httpGet:
	path: /readyz
	port: 8081
	initialDelaySeconds: 5
	periodSeconds: 10
	resources:
	limits:
	cpu: 500m
	memory: 128Mi
	requests:
	cpu: 10m
	memory: 64Mi
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	securityContext:
	runAsNonRoot: true
	serviceAccountName: controller-controller-manager
	terminationGracePeriodSeconds: 10