# CustomResourceDefinition for the namespaced HeadscaleUser resource
# (group headscale.dodo.cloud, version v1).
# The controller-gen annotation suggests this schema is generated, presumably
# from Go types; hand edits here would be lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: headscaleusers.headscale.dodo.cloud
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
spec:
  group: headscale.dodo.cloud
  scope: Namespaced
  names:
    kind: HeadscaleUser
    listKind: HeadscaleUserList
    plural: headscaleusers
    singular: headscaleuser
  versions:
    - name: v1
      served: true
      storage: true
      # Status is a separate subresource, so it is written through the
      # /status endpoint rather than with the main object.
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          description: HeadscaleUser is the Schema for the headscaleusers API
          properties:
            apiVersion:
              type: string
              description: >-
                APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the
                latest internal value, and may reject unrecognized values.
                More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            kind:
              type: string
              description: >-
                Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase.
                More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            metadata:
              type: object
            spec:
              type: object
              description: HeadscaleUserSpec defines the desired state of HeadscaleUser
              # NOTE(review): none of the spec fields carries validation (no
              # required list, pattern or length limit). headscaleAddress and
              # preAuthKey.secretName are set by whoever may create a
              # HeadscaleUser; presumably the controller connects to the
              # former and writes a Secret named by the latter using the
              # secrets permission of controller-manager-role - confirm the
              # controller constrains both values.
              properties:
                headscaleAddress:
                  type: string
                name:
                  type: string
                preAuthKey:
                  type: object
                  properties:
                    enabled:
                      type: boolean
                    secretName:
                      type: string
            status:
              type: object
              description: HeadscaleUserStatus defines the observed state of HeadscaleUser
              properties:
                ready:
                  type: boolean
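---
# Identity the controller pod runs as. Every Role and ClusterRole binding in
# this file names this ServiceAccount as its subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: controller-controller-manager
  # Quoted so that a release namespace that looks like a number, boolean or
  # null still renders as a YAML string.
  namespace: {{ .Release.Namespace | quote }}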
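---
# Namespaced Role, named for leader election, limited to the release
# namespace: full access to ConfigMaps and Leases, plus creating and patching
# Events.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: controller-leader-election-role
  # Quoted so that a release namespace that looks like a number, boolean or
  # null still renders as a YAML string.
  namespace: {{ .Release.Namespace | quote }}
rules:
  # NOTE(review): this rule covers every ConfigMap in the namespace, not only
  # a lock object. If the manager takes its lock through Leases only
  # (presumably the case - confirm against the controller-runtime version in
  # use), this rule can be dropped.
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [coordination.k8s.io]
    resources: [leases]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]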
---
# Cluster-scoped permissions of the controller: Secrets and HeadscaleUser
# objects, plus the finalizers and status subresources of HeadscaleUser.
#
# NOTE(review): controller-manager-rolebinding is a ClusterRoleBinding, so the
# secrets rule below applies in every namespace: the controller ServiceAccount
# can read, rewrite and delete any Secret in the cluster. HeadscaleUser is a
# namespaced resource; if the controller only needs the Secrets it creates
# itself, narrow this (per-namespace Role and RoleBinding, or drop list and
# watch). Confirm against the controller code first - the rule set is
# presumably generated from kubebuilder RBAC markers and would be overwritten
# on regeneration.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: controller-manager-role
  creationTimestamp: null
rules:
  - apiGroups: [""]
    resources: [secrets]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [headscale.dodo.cloud]
    resources: [headscaleusers]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [headscale.dodo.cloud]
    resources: [headscaleusers/finalizers]
    verbs: [update]
  - apiGroups: [headscale.dodo.cloud]
    resources: [headscaleusers/status]
    verbs: [get, patch, update]
---
# Grants GET on the non-resource path /metrics.
# No binding for this ClusterRole appears in this file; it has to be bound to
# whichever identity scrapes the metrics endpoint.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: controller-metrics-reader
rules:
  - nonResourceURLs: ["/metrics"]
    verbs: [get]
---
# Allows creating TokenReviews and SubjectAccessReviews, presumably so the
# kube-rbac-proxy sidecar can authenticate and authorize callers of the
# metrics endpoint. Both are create-only and give no read access to other
# objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: controller-proxy-role
rules:
  - apiGroups: [authentication.k8s.io]
    resources: [tokenreviews]
    verbs: [create]
  - apiGroups: [authorization.k8s.io]
    resources: [subjectaccessreviews]
    verbs: [create]
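---
# Binds controller-leader-election-role to the controller ServiceAccount
# inside the release namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: controller-leader-election-rolebinding
  # Quoted so that a release namespace that looks like a number, boolean or
  # null still renders as a YAML string.
  namespace: {{ .Release.Namespace | quote }}
subjects:
  - kind: ServiceAccount
    name: controller-controller-manager
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: controller-leader-election-role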
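---
# Binds controller-manager-role cluster-wide to the controller ServiceAccount.
# NOTE(review): because this is a ClusterRoleBinding, every rule of that role,
# including full access to Secrets, applies in all namespaces. The name is
# also fixed rather than derived from the release, so a second install of the
# chart would presumably collide with it - confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: controller-manager-rolebinding
subjects:
  - kind: ServiceAccount
    name: controller-controller-manager
    # Quoted so that a release namespace that looks like a number, boolean or
    # null still renders as a YAML string.
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: controller-manager-role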
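---
# Binds controller-proxy-role (create TokenReviews and SubjectAccessReviews)
# cluster-wide to the controller ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: controller-proxy-rolebinding
subjects:
  - kind: ServiceAccount
    name: controller-controller-manager
    # Quoted so that a release namespace that looks like a number, boolean or
    # null still renders as a YAML string.
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: controller-proxy-role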
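---
# ControllerManagerConfig document stored as a ConfigMap.
# NOTE(review): the Deployment in this file passes the probe, metrics and
# leader-election settings as command-line flags and mounts no volume, so this
# ConfigMap appears to be unused here. Confirm, and keep the two in step if it
# is consumed elsewhere.
apiVersion: v1
kind: ConfigMap
metadata:
  name: controller-manager-config
  # Quoted so that a release namespace that looks like a number, boolean or
  # null still renders as a YAML string.
  namespace: {{ .Release.Namespace | quote }}
data:
  # Literal block scalar: everything below, including the lines that start
  # with a hash, is part of the stored string. The metrics listener binds to
  # loopback only; the health probe address binds on all interfaces.
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: 798a733c.dodo.cloud
    # leaderElectionReleaseOnCancel defines if the leader should step down volume
    # when the Manager ends. This requires the binary to immediately end when the
    # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
    # speeds up voluntary leader transitions as the new leader don't have to wait
    # LeaseDuration time first.
    # In the default scaffold provided, the program ends immediately after
    # the manager stops, so would be fine to enable this option. However,
    # if you are doing or is intended to do any operation such as perform cleanups
    # after the manager stops then its usage might be unsafe.
    # leaderElectionReleaseOnCancel: true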
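---
# Service in front of the metrics endpoint. Port 8443 forwards to the
# container port named https, which the Deployment in this file declares on
# the kube-rbac-proxy container, so the manager's loopback-only metrics
# listener is not exposed directly.
apiVersion: v1
kind: Service
metadata:
  name: controller-controller-manager-metrics-service
  # Quoted so that a release namespace that looks like a number, boolean or
  # null still renders as a YAML string.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: controller-manager
spec:
  selector:
    control-plane: controller-manager
  ports:
    - name: https
      protocol: TCP
      port: 8443
      targetPort: https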
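---
# Controller Deployment: one pod with two containers, the manager itself and
# a kube-rbac-proxy sidecar that serves the manager's loopback metrics
# listener on 8443.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-controller-manager
  # Quoted so that a release namespace that looks like a number, boolean or
  # null still renders as a YAML string.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: controller-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      # This account is bound to controller-manager-role, which includes
      # cluster-wide access to Secrets, so the pod hardening below matters.
      serviceAccountName: controller-controller-manager
      terminationGracePeriodSeconds: 10
      securityContext:
        runAsNonRoot: true
        # Added: apply the container runtime's default seccomp filter to both
        # containers (field available since Kubernetes 1.19). The restricted
        # Pod Security Standard requires an explicit profile.
        seccompProfile:
          type: RuntimeDefault
      containers:
        # Sidecar: listens on all interfaces on 8443 and forwards to the
        # manager's metrics listener on 127.0.0.1:8080.
        - name: kube-rbac-proxy
          # NOTE(review): pinned by tag only. The kubebuilder project has
          # announced that images under gcr.io/kubebuilder are being
          # discontinued - confirm this tag is still pullable and pin by
          # digest from the registry you settle on.
          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
          args:
            - '--secure-listen-address=0.0.0.0:8443'
            - '--upstream=http://127.0.0.1:8080/'
            - '--logtostderr=true'
            - '--v=0'
          ports:
            - name: https
              protocol: TCP
              containerPort: 8443
          resources:
            requests:
              cpu: 5m
              memory: 64Mi
            limits:
              cpu: 500m
              memory: 128Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
        # The controller. Metrics stay on loopback; probes are served on 8081.
        - name: manager
          # NOTE(review): a mutable latest tag together with pull policy
          # Always means the code that runs with the cluster-wide secrets
          # role changes whenever the tag is re-pushed. Pin a release tag or,
          # better, a digest, for example
          # giolekva/headscale-controller@sha256:<DIGEST_PLACEHOLDER>.
          image: giolekva/headscale-controller:latest
          imagePullPolicy: Always
          command:
            - /manager
          args:
            - '--health-probe-bind-address=:8081'
            - '--metrics-bind-address=127.0.0.1:8080'
            - '--leader-elect'
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            requests:
              cpu: 10m
              memory: 64Mi
            limits:
              cpu: 500m
              memory: 128Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL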
338 terminationGracePeriodSeconds: 10