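# Identity the controller-manager Pod runs as. Every RoleBinding and
# ClusterRoleBinding in this file targets this account, so its effective
# permissions are the union of the leader-election Role, the manager
# ClusterRole and the kube-rbac-proxy ClusterRole.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ns-controller-controller-manager
  # Quoted so a namespace whose name is a YAML 1.1 boolean/null literal
  # (e.g. "no", "on") still renders as a string after Helm templating.
  namespace: "{{ .Release.Namespace }}"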
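---
# Namespace-scoped permissions used only for controller-runtime leader
# election (the lock object plus event recording). Kept separate from the
# manager ClusterRole so the cluster-wide grant stays as small as possible.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ns-controller-leader-election-role
  # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
  # still renders as a string.
  namespace: "{{ .Release.Namespace }}"
rules:
  # ConfigMap-based lock. NOTE(review): if the manager is configured for
  # Lease-only locking this rule is dead and can be dropped — confirm
  # against the manager's leader-election resource-lock setting.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Lease-based lock (coordination.k8s.io).
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Leader transitions are recorded as Events; no read access is needed.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch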
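---
# Cluster-wide permissions for the manager container. The dnszones rules
# cover the CRD the controller reconciles. The secrets rule is cluster-wide
# and not limited by resourceNames, so this ServiceAccount can read and
# modify every Secret in the cluster. NOTE(review): if the controller only
# handles Secrets in known namespaces, prefer namespaced Roles there.
# NOTE(review): the name is cluster-scoped and not templated, so two
# releases of this chart in different namespaces collide on this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # creationTimestamp is server-populated; a literal null carries no
  # information in a chart and was dropped.
  name: ns-controller-manager-role
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - dodo.cloud.dodo.cloud
    resources:
      - dnszones
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Finalizer handling needs update on the subresource only.
  - apiGroups:
      - dodo.cloud.dodo.cloud
    resources:
      - dnszones/finalizers
    verbs:
      - update
  # Status writes go through the status subresource, never the main object.
  - apiGroups:
      - dodo.cloud.dodo.cloud
    resources:
      - dnszones/status
    verbs:
      - get
      - patch
      - update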
---
# Grants GET on the /metrics non-resource URL. This ClusterRole is not bound
# to any subject in this file: it is meant to be bound to whatever identity
# scrapes the metrics Service, so that kube-rbac-proxy's authorisation check
# (see the proxy ClusterRole) succeeds for that identity.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ns-controller-metrics-reader
rules:
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
---
# Permissions for the kube-rbac-proxy sidecar: it validates the caller's
# bearer token (TokenReview) and then asks the API server whether that
# caller may reach the requested path (SubjectAccessReview). Only create is
# needed; both are write-only review APIs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ns-controller-proxy-role
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
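---
# Binds the leader-election Role to the controller ServiceAccount within the
# release namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ns-controller-leader-election-rolebinding
  # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
  # still renders as a string.
  namespace: "{{ .Release.Namespace }}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ns-controller-leader-election-role
subjects:
  - kind: ServiceAccount
    name: ns-controller-controller-manager
    namespace: "{{ .Release.Namespace }}"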
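---
# Binds the cluster-wide manager ClusterRole to the controller
# ServiceAccount. NOTE(review): the binding name is cluster-scoped and not
# templated; a second release of this chart in another namespace would
# overwrite this object and re-point its subject to that namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ns-controller-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ns-controller-manager-role
subjects:
  - kind: ServiceAccount
    name: ns-controller-controller-manager
    # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
    # still renders as a string.
    namespace: "{{ .Release.Namespace }}"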
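---
# Binds the kube-rbac-proxy ClusterRole to the same ServiceAccount the
# manager uses (both containers share the Pod's account). NOTE(review): the
# binding name is cluster-scoped and not templated, so two releases in
# different namespaces collide on it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ns-controller-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ns-controller-proxy-role
subjects:
  - kind: ServiceAccount
    name: ns-controller-controller-manager
    # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
    # still renders as a string.
    namespace: "{{ .Release.Namespace }}"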
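---
# controller-runtime component config. NOTE(review): nothing in this file
# mounts this ConfigMap or passes a --config flag to the manager (the
# Deployment below sets the same values via command-line args), so it looks
# unused; confirm before relying on changes here taking effect.
# Keys are ordered apiVersion/kind/metadata/data for consistency with the
# other documents; the data payload is unchanged.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ns-controller-manager-config
  # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
  # still renders as a string.
  namespace: "{{ .Release.Namespace }}"
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: c1db6143.dodo.cloud
    # leaderElectionReleaseOnCancel defines if the leader should step down volume
    # when the Manager ends. This requires the binary to immediately end when the
    # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
    # speeds up voluntary leader transitions as the new leader don't have to wait
    # LeaseDuration time first.
    # In the default scaffold provided, the program ends immediately after
    # the manager stops, so would be fine to enable this option. However,
    # if you are doing or is intended to do any operation such as perform cleanups
    # after the manager stops then its usage might be unsafe.
    # leaderElectionReleaseOnCancel: true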
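---
# Exposes the kube-rbac-proxy sidecar's TLS port (named "https" in the
# Deployment), not the manager's metrics listener, which is bound to
# 127.0.0.1 and only reachable through the proxy.
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller-manager
  name: ns-controller-controller-manager-metrics-service
  # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
  # still renders as a string.
  namespace: "{{ .Release.Namespace }}"
spec:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: https
  selector:
    control-plane: controller-manager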
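---
# Controller-manager Deployment: the manager container plus a kube-rbac-proxy
# sidecar that fronts the metrics endpoint.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: ns-controller-controller-manager
  # Quoted so a namespace named like a YAML 1.1 literal ("no", "on")
  # still renders as a string.
  namespace: "{{ .Release.Namespace }}"
spec:
  # Single replica; --leader-elect below still guards against two Pods
  # reconciling at once (e.g. during a rolling update).
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      volumes:
        # NOTE(review): the PVC is referenced by a hard-coded name and is not
        # defined in this file; it must already exist in the release namespace.
        - name: zone-configs
          persistentVolumeClaim:
            claimName: dns-configs
      containers:
        # Sidecar: serves TLS on 8443, authenticates and authorises each
        # caller via the API server (see the proxy ClusterRole), then forwards
        # to the manager's loopback-only metrics listener.
        - args:
            - --secure-listen-address=0.0.0.0:8443
            - --upstream=http://127.0.0.1:8080/
            - --logtostderr=true
            - --v=0
          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
          name: kube-rbac-proxy
          ports:
            - containerPort: 8443
              name: https
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 5m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
        - args:
            - --health-probe-bind-address=:8081
            # Loopback only: metrics are reachable solely through the sidecar.
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
            - --config-dir=/etc/pcloud/dns-zone-configs
          command:
            - /manager
          # NOTE(review): ":latest" is a mutable tag, so each Pod restart may
          # pull a different build and the image cannot be matched to a known
          # digest. Pin an immutable tag or "@sha256:<digest-placeholder>"
          # once one is published.
          image: giolekva/dns-ns-controller:latest
          volumeMounts:
            - name: zone-configs
              mountPath: /etc/pcloud/dns-zone-configs
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          # NOTE(review): readOnlyRootFilesystem: true is a candidate for both
          # containers if the manager writes only under the zone-configs mount;
          # not enabled here because that cannot be confirmed from this file.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      securityContext:
        runAsNonRoot: true
        # Added: together with the per-container settings above this lets the
        # Pod satisfy the "restricted" Pod Security Standard, which also
        # requires a RuntimeDefault (or Localhost) seccomp profile.
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: ns-controller-controller-manager
      terminationGracePeriodSeconds: 10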