Blame - charts/headscale-controller/templates/install.yaml - pcloud

blob: 7c2c129ffa99f3978e68ee0e25b02cbd5ed47026 [file] [log] [blame]

Giorgi Lekveishvili	ec0f3bb	2023-06-19 18:46:53 +0400	[diff] [blame]	1	apiVersion: v1
				2	kind: ServiceAccount
				3	metadata:
				4	name: controller-controller-manager
				5	namespace: {{ .Release.Namespace }}
				6	---
				7	apiVersion: rbac.authorization.k8s.io/v1
				8	kind: Role
				9	metadata:
				10	name: controller-leader-election-role
				11	namespace: {{ .Release.Namespace }}
				12	rules:
				13	- apiGroups:
				14	- ""
				15	resources:
				16	- configmaps
				17	verbs:
				18	- get
				19	- list
				20	- watch
				21	- create
				22	- update
				23	- patch
				24	- delete
				25	- apiGroups:
				26	- coordination.k8s.io
				27	resources:
				28	- leases
				29	verbs:
				30	- get
				31	- list
				32	- watch
				33	- create
				34	- update
				35	- patch
				36	- delete
				37	- apiGroups:
				38	- ""
				39	resources:
				40	- events
				41	verbs:
				42	- create
				43	- patch
				44	---
				45	apiVersion: rbac.authorization.k8s.io/v1
				46	kind: ClusterRole
				47	metadata:
				48	creationTimestamp: null
				49	name: controller-manager-role
				50	rules:
				51	- apiGroups:
				52	- ""
				53	resources:
				54	- secrets
				55	verbs:
				56	- create
				57	- delete
				58	- get
				59	- list
				60	- patch
				61	- update
				62	- watch
				63	- apiGroups:
				64	- headscale.dodo.cloud
				65	resources:
				66	- headscaleusers
				67	verbs:
				68	- create
				69	- delete
				70	- get
				71	- list
				72	- patch
				73	- update
				74	- watch
				75	- apiGroups:
				76	- headscale.dodo.cloud
				77	resources:
				78	- headscaleusers/finalizers
				79	verbs:
				80	- update
				81	- apiGroups:
				82	- headscale.dodo.cloud
				83	resources:
				84	- headscaleusers/status
				85	verbs:
				86	- get
				87	- patch
				88	- update
				89	---
				90	apiVersion: rbac.authorization.k8s.io/v1
				91	kind: ClusterRole
				92	metadata:
				93	name: controller-metrics-reader
				94	rules:
				95	- nonResourceURLs:
				96	- /metrics
				97	verbs:
				98	- get
				99	---
				100	apiVersion: rbac.authorization.k8s.io/v1
				101	kind: ClusterRole
				102	metadata:
				103	name: controller-proxy-role
				104	rules:
				105	- apiGroups:
				106	- authentication.k8s.io
				107	resources:
				108	- tokenreviews
				109	verbs:
				110	- create
				111	- apiGroups:
				112	- authorization.k8s.io
				113	resources:
				114	- subjectaccessreviews
				115	verbs:
				116	- create
				117	---
				118	apiVersion: rbac.authorization.k8s.io/v1
				119	kind: RoleBinding
				120	metadata:
				121	name: controller-leader-election-rolebinding
				122	namespace: {{ .Release.Namespace }}
				123	roleRef:
				124	apiGroup: rbac.authorization.k8s.io
				125	kind: Role
				126	name: controller-leader-election-role
				127	subjects:
				128	- kind: ServiceAccount
				129	name: controller-controller-manager
				130	namespace: {{ .Release.Namespace }}
				131	---
				132	apiVersion: rbac.authorization.k8s.io/v1
				133	kind: ClusterRoleBinding
				134	metadata:
				135	name: controller-manager-rolebinding
				136	roleRef:
				137	apiGroup: rbac.authorization.k8s.io
				138	kind: ClusterRole
				139	name: controller-manager-role
				140	subjects:
				141	- kind: ServiceAccount
				142	name: controller-controller-manager
				143	namespace: {{ .Release.Namespace }}
				144	---
				145	apiVersion: rbac.authorization.k8s.io/v1
				146	kind: ClusterRoleBinding
				147	metadata:
				148	name: controller-proxy-rolebinding
				149	roleRef:
				150	apiGroup: rbac.authorization.k8s.io
				151	kind: ClusterRole
				152	name: controller-proxy-role
				153	subjects:
				154	- kind: ServiceAccount
				155	name: controller-controller-manager
				156	namespace: {{ .Release.Namespace }}
				157	---
				158	apiVersion: v1
				159	data:
				160	controller_manager_config.yaml: \|
				161	apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
				162	kind: ControllerManagerConfig
				163	health:
				164	healthProbeBindAddress: :8081
				165	metrics:
				166	bindAddress: 127.0.0.1:8080
				167	webhook:
				168	port: 9443
				169	leaderElection:
				170	leaderElect: true
				171	resourceName: 798a733c.dodo.cloud
				172	# leaderElectionReleaseOnCancel defines if the leader should step down volume
				173	# when the Manager ends. This requires the binary to immediately end when the
				174	# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
				175	# speeds up voluntary leader transitions as the new leader don't have to wait
				176	# LeaseDuration time first.
				177	# In the default scaffold provided, the program ends immediately after
				178	# the manager stops, so would be fine to enable this option. However,
				179	# if you are doing or is intended to do any operation such as perform cleanups
				180	# after the manager stops then its usage might be unsafe.
				181	# leaderElectionReleaseOnCancel: true
				182	kind: ConfigMap
				183	metadata:
				184	name: controller-manager-config
				185	namespace: {{ .Release.Namespace }}
				186	---
				187	apiVersion: v1
				188	kind: Service
				189	metadata:
				190	labels:
				191	control-plane: controller-manager
				192	name: controller-controller-manager-metrics-service
				193	namespace: {{ .Release.Namespace }}
				194	spec:
				195	ports:
				196	- name: https
				197	port: 8443
				198	protocol: TCP
				199	targetPort: https
				200	selector:
				201	control-plane: controller-manager
				202	---
				203	apiVersion: apps/v1
				204	kind: Deployment
				205	metadata:
				206	labels:
				207	control-plane: controller-manager
				208	name: controller-controller-manager
				209	namespace: {{ .Release.Namespace }}
				210	spec:
				211	replicas: 1
				212	selector:
				213	matchLabels:
				214	control-plane: controller-manager
				215	template:
				216	metadata:
				217	annotations:
				218	kubectl.kubernetes.io/default-container: manager
				219	labels:
				220	control-plane: controller-manager
				221	spec:
				222	containers:
				223	- args:
				224	- --secure-listen-address=0.0.0.0:8443
				225	- --upstream=http://127.0.0.1:8080/
				226	- --logtostderr=true
				227	- --v=0
Giorgi Lekveishvili	e009a5d	2024-01-05 14:10:11 +0400	[diff] [blame]	228	image: {{ .Values.kubeRBACProxy.image.repository }}:{{ .Values.kubeRBACProxy.image.tag }}
Giorgi Lekveishvili	ec0f3bb	2023-06-19 18:46:53 +0400	[diff] [blame]	229	name: kube-rbac-proxy
				230	ports:
				231	- containerPort: 8443
				232	name: https
				233	protocol: TCP
				234	resources:
				235	limits:
				236	cpu: 500m
				237	memory: 128Mi
				238	requests:
				239	cpu: 5m
				240	memory: 64Mi
				241	securityContext:
				242	allowPrivilegeEscalation: false
				243	capabilities:
				244	drop:
				245	- ALL
				246	- args:
				247	- --health-probe-bind-address=:8081
				248	- --metrics-bind-address=127.0.0.1:8080
				249	- --leader-elect
				250	command:
				251	- /manager
Giorgi Lekveishvili	e009a5d	2024-01-05 14:10:11 +0400	[diff] [blame]	252	image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
				253	imagePullPolicy: {{ .Values.image.pullPolicy }}
Giorgi Lekveishvili	ec0f3bb	2023-06-19 18:46:53 +0400	[diff] [blame]	254	livenessProbe:
				255	httpGet:
				256	path: /healthz
				257	port: 8081
				258	initialDelaySeconds: 15
				259	periodSeconds: 20
				260	name: manager
				261	readinessProbe:
				262	httpGet:
				263	path: /readyz
				264	port: 8081
				265	initialDelaySeconds: 5
				266	periodSeconds: 10
				267	resources:
				268	limits:
				269	cpu: 500m
				270	memory: 128Mi
				271	requests:
				272	cpu: 10m
				273	memory: 64Mi
				274	securityContext:
				275	allowPrivilegeEscalation: false
				276	capabilities:
				277	drop:
				278	- ALL
				279	securityContext:
				280	runAsNonRoot: true
				281	serviceAccountName: controller-controller-manager
				282	terminationGracePeriodSeconds: 10