---
# CustomResourceDefinition for HeadscaleUser (headscale.dodo.cloud/v1).
# Emitted by controller-gen v0.9.2 (see the annotation below): regenerate it
# from the Go types rather than hand-editing the schema. `creationTimestamp:
# null` is a controller-gen artifact and is ignored by the API server.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: headscaleusers.headscale.dodo.cloud
spec:
  group: headscale.dodo.cloud
  names:
    kind: HeadscaleUser
    listKind: HeadscaleUserList
    plural: headscaleusers
    singular: headscaleuser
  # Namespaced: a HeadscaleUser lives in one namespace, so the cluster-wide
  # permissions granted to the manager elsewhere in this chart are what let it
  # see objects in every namespace.
  scope: Namespaced
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: HeadscaleUser is the Schema for the headscaleusers API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: HeadscaleUserSpec defines the desired state of HeadscaleUser
              # No `required` list is declared, so every spec field below is
              # optional at the API level; validation beyond type checking
              # has to happen in the controller.
              properties:
                name:
                  type: string
                preAuthKey:
                  properties:
                    enabled:
                      type: boolean
                    # secretName: presumably the name of a Secret that holds the
                    # pre-auth key — confirm against the controller; the schema
                    # itself carries no description for it.
                    secretName:
                      type: string
                  type: object
              type: object
            status:
              description: HeadscaleUserStatus defines the observed state of HeadscaleUser
              properties:
                ready:
                  type: boolean
              type: object
          type: object
      served: true
      storage: true
      # Enables the /status subresource, so status writes need the separate
      # headscaleusers/status RBAC rule granted in the manager ClusterRole.
      subresources:
        status: {}
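---
# ServiceAccount the controller-manager Pod runs as. It is the subject of the
# leader-election RoleBinding and of the manager and proxy ClusterRoleBindings
# defined later in this file, so its token carries all of those permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: controller-controller-manager
  # Quoted so the rendered value is always a YAML string, even for a release
  # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
  namespace: "{{ .Release.Namespace }}"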
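---
# Namespaced Role for controller-runtime leader election (ConfigMap and Lease
# lock objects) plus Event recording. It is bound to the controller
# ServiceAccount by controller-leader-election-rolebinding, so these rules only
# apply inside the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: controller-leader-election-role
  # Quoted so the rendered value is always a YAML string, even for a release
  # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
  namespace: "{{ .Release.Namespace }}"
rules:
  # NOTE(review): the ConfigMap rule is the scaffold's legacy lock type. The
  # manager config in this chart sets no resourceLock, so if the
  # controller-runtime version in use defaults to Lease locks this rule may be
  # unused — confirm and drop it if so.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch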
---
# Cluster-wide permissions of the manager. Bound to the controller
# ServiceAccount by controller-manager-rolebinding (a ClusterRoleBinding), so
# every rule below applies in all namespaces.
#
# NOTE(review): the first rule grants full read/write/watch on core Secrets
# across the whole cluster, which is the largest blast radius in this chart if
# the controller Pod is ever compromised. HeadscaleUser is a Namespaced kind;
# if the reconciler only touches Secrets in the namespaces it watches, a
# namespaced Role (or a namespace-restricted manager cache) would be a smaller
# grant — confirm against the controller code before tightening.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: controller-manager-role
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - headscale.dodo.cloud
    resources:
      - headscaleusers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Finalizer updates are split out because setting ownerReferences with
  # blockOwnerDeletion requires the <resource>/finalizers permission.
  - apiGroups:
      - headscale.dodo.cloud
    resources:
      - headscaleusers/finalizers
    verbs:
      - update
  # Status writes go through the /status subresource enabled in the CRD.
  - apiGroups:
      - headscale.dodo.cloud
    resources:
      - headscaleusers/status
    verbs:
      - get
      - patch
      - update
---
# Grants GET on the non-resource URL /metrics. Nothing in this file binds it:
# it exists so an operator can bind a scraping principal to it, which
# kube-rbac-proxy then authorizes via SubjectAccessReview before forwarding
# to the manager's metrics endpoint.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: controller-metrics-reader
rules:
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
---
# Permissions the kube-rbac-proxy sidecar needs: TokenReview to authenticate
# a caller's bearer token and SubjectAccessReview to authorize it. Both are
# create-only, which is the minimum the proxy requires. Bound to the
# controller ServiceAccount by controller-proxy-rolebinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: controller-proxy-role
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
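---
# Binds the namespaced leader-election Role to the controller ServiceAccount.
# Both the binding and the subject live in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: controller-leader-election-rolebinding
  # Quoted so the rendered value is always a YAML string, even for a release
  # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
  namespace: "{{ .Release.Namespace }}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: controller-leader-election-role
subjects:
  - kind: ServiceAccount
    name: controller-controller-manager
    namespace: "{{ .Release.Namespace }}"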
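---
# Cluster-wide binding of controller-manager-role (including the cluster-wide
# Secrets rule) to the controller ServiceAccount. The subject's namespace is
# the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: controller-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: controller-manager-role
subjects:
  - kind: ServiceAccount
    name: controller-controller-manager
    # Quoted so the rendered value is always a YAML string, even for a release
    # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
    namespace: "{{ .Release.Namespace }}"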
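---
# Cluster-wide binding of controller-proxy-role (TokenReview /
# SubjectAccessReview create) to the controller ServiceAccount, which the
# kube-rbac-proxy sidecar shares with the manager container.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: controller-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: controller-proxy-role
subjects:
  - kind: ServiceAccount
    name: controller-controller-manager
    # Quoted so the rendered value is always a YAML string, even for a release
    # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
    namespace: "{{ .Release.Namespace }}"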
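---
# ControllerManagerConfig for the manager, shipped as a ConfigMap.
#
# NOTE(review): the Deployment in this file defines no volumes or volumeMounts
# and passes no --config flag; the manager container gets the equivalent
# settings (probe and metrics bind addresses, leader election) as command-line
# args instead. Confirm whether this ConfigMap is consumed at all — an unused
# copy of the config is an easy place for the two to drift apart.
#
# The `|` block scalar below is data, not YAML comments: its content (including
# the commented-out leaderElectionReleaseOnCancel text) is stored verbatim.
apiVersion: v1
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: 798a733c.dodo.cloud
    # leaderElectionReleaseOnCancel defines if the leader should step down volume
    # when the Manager ends. This requires the binary to immediately end when the
    # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
    # speeds up voluntary leader transitions as the new leader don't have to wait
    # LeaseDuration time first.
    # In the default scaffold provided, the program ends immediately after
    # the manager stops, so would be fine to enable this option. However,
    # if you are doing or is intended to do any operation such as perform cleanups
    # after the manager stops then its usage might be unsafe.
    # leaderElectionReleaseOnCancel: true
kind: ConfigMap
metadata:
  name: controller-manager-config
  # Quoted so the rendered value is always a YAML string, even for a release
  # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
  namespace: "{{ .Release.Namespace }}"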
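---
# Service (default ClusterIP type) in front of the kube-rbac-proxy sidecar's
# `https` container port (8443). The manager itself binds metrics to
# 127.0.0.1:8080, so this Service is the only in-cluster path to them and every
# scrape is authenticated and authorized by the proxy. The selector matches the
# Deployment's pod label control-plane=controller-manager.
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller-manager
  name: controller-controller-manager-metrics-service
  # Quoted so the rendered value is always a YAML string, even for a release
  # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
  namespace: "{{ .Release.Namespace }}"
spec:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: https
  selector:
    control-plane: controller-manager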
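---
# Single-replica controller-manager Deployment: a kube-rbac-proxy sidecar that
# terminates TLS on 0.0.0.0:8443 and forwards to the manager's loopback-only
# metrics listener, plus the manager container itself. Both containers drop
# all capabilities and forbid privilege escalation; the Pod runs as non-root.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: controller-controller-manager
  # Quoted so the rendered value is always a YAML string, even for a release
  # namespace whose name looks like a boolean or number to a YAML 1.1 parser.
  namespace: "{{ .Release.Namespace }}"
spec:
  # One replica; --leader-elect on the manager keeps a scale-up safe.
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      containers:
        # NOTE(review): the kubebuilder project has announced it is
        # discontinuing the gcr.io/kubebuilder/kube-rbac-proxy images; verify
        # this tag is still served and consider a maintained source or
        # controller-runtime's built-in metrics auth before it disappears.
        - args:
            - --secure-listen-address=0.0.0.0:8443
            # Plain HTTP is acceptable here only because the upstream is the
            # manager's 127.0.0.1:8080 listener inside the same Pod.
            - --upstream=http://127.0.0.1:8080/
            - --logtostderr=true
            - --v=0
          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
          name: kube-rbac-proxy
          ports:
            - containerPort: 8443
              name: https
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 5m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
        - args:
            - --health-probe-bind-address=:8081
            # Loopback only: metrics are reachable solely through the sidecar.
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
          command:
            - /manager
          # NOTE(review): a mutable `latest` tag combined with
          # imagePullPolicy: Always means each Pod restart may run different
          # code and cannot be tied to a reviewed build. Pin an immutable tag
          # or an @sha256 digest (value to be taken from the release pipeline)
          # so the deployed image is reproducible and attestable.
          image: giolekva/headscale-controller:latest
          imagePullPolicy: Always
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          # NOTE(review): readOnlyRootFilesystem is not set; if the manager
          # writes nothing to disk, enabling it costs nothing and blocks
          # binary drops into the container filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      # NOTE(review): no seccompProfile is set. Adding
      # `seccompProfile: { type: RuntimeDefault }` here is required by the
      # Pod Security "restricted" profile and is generally safe for a
      # controller; confirm the images run under it before enabling.
      securityContext:
        runAsNonRoot: true
      serviceAccountName: controller-controller-manager
      terminationGracePeriodSeconds: 10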