Blame - charts/resource-renderer-controller/templates/install.yaml - pcloud

blob: 64af9def403f8e0fdfa9a3efa0c90946ad6ebfc8 [file] [log] [blame]

Giorgi Lekveishvili	ec0f3bb	2023-06-19 18:46:53 +0400	[diff] [blame]	1	apiVersion: v1
				2	kind: ServiceAccount
				3	metadata:
				4	name: resource-renderer-controller-manager
				5	namespace: {{ .Release.Namespace }}
				6	---
				7	apiVersion: rbac.authorization.k8s.io/v1
				8	kind: Role
				9	metadata:
				10	name: resource-renderer-leader-election-role
				11	namespace: {{ .Release.Namespace }}
				12	rules:
				13	- apiGroups:
				14	- ""
				15	resources:
				16	- configmaps
				17	verbs:
				18	- get
				19	- list
				20	- watch
				21	- create
				22	- update
				23	- patch
				24	- delete
				25	- apiGroups:
				26	- coordination.k8s.io
				27	resources:
				28	- leases
				29	verbs:
				30	- get
				31	- list
				32	- watch
				33	- create
				34	- update
				35	- patch
				36	- delete
				37	- apiGroups:
				38	- ""
				39	resources:
				40	- events
				41	verbs:
				42	- create
				43	- patch
				44	---
				45	apiVersion: rbac.authorization.k8s.io/v1
				46	kind: ClusterRole
				47	metadata:
				48	creationTimestamp: null
				49	name: resource-renderer-manager-role
				50	rules:
				51	- apiGroups:
				52	- ""
				53	resources:
				54	- configmaps
				55	verbs:
				56	- create
				57	- delete
				58	- get
				59	- list
				60	- patch
				61	- update
				62	- watch
				63	- apiGroups:
				64	- ""
				65	resources:
				66	- secrets
				67	verbs:
				68	- create
				69	- delete
				70	- get
				71	- list
				72	- patch
				73	- update
				74	- watch
				75	- apiGroups:
				76	- dodo.cloud.dodo.cloud
				77	resources:
				78	- resourcerenderers
				79	verbs:
				80	- create
				81	- delete
				82	- get
				83	- list
				84	- patch
				85	- update
				86	- watch
				87	- apiGroups:
				88	- dodo.cloud.dodo.cloud
				89	resources:
				90	- resourcerenderers/finalizers
				91	verbs:
				92	- update
				93	- apiGroups:
				94	- dodo.cloud.dodo.cloud
				95	resources:
				96	- resourcerenderers/status
				97	verbs:
				98	- get
				99	- patch
				100	- update
				101	---
				102	apiVersion: rbac.authorization.k8s.io/v1
				103	kind: ClusterRole
				104	metadata:
				105	name: resource-renderer-metrics-reader
				106	rules:
				107	- nonResourceURLs:
				108	- /metrics
				109	verbs:
				110	- get
				111	---
				112	apiVersion: rbac.authorization.k8s.io/v1
				113	kind: ClusterRole
				114	metadata:
				115	name: resource-renderer-proxy-role
				116	rules:
				117	- apiGroups:
				118	- authentication.k8s.io
				119	resources:
				120	- tokenreviews
				121	verbs:
				122	- create
				123	- apiGroups:
				124	- authorization.k8s.io
				125	resources:
				126	- subjectaccessreviews
				127	verbs:
				128	- create
				129	---
				130	apiVersion: rbac.authorization.k8s.io/v1
				131	kind: RoleBinding
				132	metadata:
				133	name: resource-renderer-leader-election-rolebinding
				134	namespace: {{ .Release.Namespace }}
				135	roleRef:
				136	apiGroup: rbac.authorization.k8s.io
				137	kind: Role
				138	name: resource-renderer-leader-election-role
				139	subjects:
				140	- kind: ServiceAccount
				141	name: resource-renderer-controller-manager
				142	namespace: {{ .Release.Namespace }}
				143	---
				144	apiVersion: rbac.authorization.k8s.io/v1
				145	kind: ClusterRoleBinding
				146	metadata:
				147	name: resource-renderer-manager-rolebinding
				148	roleRef:
				149	apiGroup: rbac.authorization.k8s.io
				150	kind: ClusterRole
				151	name: resource-renderer-manager-role
				152	subjects:
				153	- kind: ServiceAccount
				154	name: resource-renderer-controller-manager
				155	namespace: {{ .Release.Namespace }}
				156	---
				157	apiVersion: rbac.authorization.k8s.io/v1
				158	kind: ClusterRoleBinding
				159	metadata:
				160	name: resource-renderer-proxy-rolebinding
				161	roleRef:
				162	apiGroup: rbac.authorization.k8s.io
				163	kind: ClusterRole
				164	name: resource-renderer-proxy-role
				165	subjects:
				166	- kind: ServiceAccount
				167	name: resource-renderer-controller-manager
				168	namespace: {{ .Release.Namespace }}
				169	---
				170	apiVersion: v1
				171	data:
				172	controller_manager_config.yaml: \|
				173	apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
				174	kind: ControllerManagerConfig
				175	health:
				176	healthProbeBindAddress: :8081
				177	metrics:
				178	bindAddress: 127.0.0.1:8080
				179	webhook:
				180	port: 9443
				181	leaderElection:
				182	leaderElect: true
				183	resourceName: 798a733c.dodo.cloud
				184	# leaderElectionReleaseOnCancel defines if the leader should step down volume
				185	# when the Manager ends. This requires the binary to immediately end when the
				186	# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
				187	# speeds up voluntary leader transitions as the new leader don't have to wait
				188	# LeaseDuration time first.
				189	# In the default scaffold provided, the program ends immediately after
				190	# the manager stops, so would be fine to enable this option. However,
				191	# if you are doing or is intended to do any operation such as perform cleanups
				192	# after the manager stops then its usage might be unsafe.
				193	# leaderElectionReleaseOnCancel: true
				194	kind: ConfigMap
				195	metadata:
				196	name: resource-renderer-manager-config
				197	namespace: {{ .Release.Namespace }}
				198	---
				199	apiVersion: v1
				200	kind: Service
				201	metadata:
				202	labels:
				203	control-plane: controller-manager
				204	name: resource-renderer-controller-manager-metrics-service
				205	namespace: {{ .Release.Namespace }}
				206	spec:
				207	ports:
				208	- name: https
				209	port: 8443
				210	protocol: TCP
				211	targetPort: https
				212	selector:
				213	control-plane: controller-manager
				214	---
				215	apiVersion: apps/v1
				216	kind: Deployment
				217	metadata:
				218	labels:
				219	control-plane: controller-manager
				220	name: resource-renderer-controller-manager
				221	namespace: {{ .Release.Namespace }}
				222	spec:
				223	replicas: 1
				224	selector:
				225	matchLabels:
				226	control-plane: controller-manager
				227	template:
				228	metadata:
				229	annotations:
				230	kubectl.kubernetes.io/default-container: manager
				231	labels:
				232	control-plane: controller-manager
				233	spec:
				234	containers:
				235	- args:
				236	- --secure-listen-address=0.0.0.0:8443
				237	- --upstream=http://127.0.0.1:8080/
				238	- --logtostderr=true
				239	- --v=0
Giorgi Lekveishvili	e009a5d	2024-01-05 14:10:11 +0400	[diff] [blame]	240	image: {{ .Values.kubeRBACProxy.image.repository }}:{{ .Values.kubeRBACProxy.image.tag }}
Giorgi Lekveishvili	ec0f3bb	2023-06-19 18:46:53 +0400	[diff] [blame]	241	name: kube-rbac-proxy
				242	ports:
				243	- containerPort: 8443
				244	name: https
				245	protocol: TCP
				246	resources:
				247	limits:
				248	cpu: 500m
				249	memory: 128Mi
				250	requests:
				251	cpu: 5m
				252	memory: 64Mi
				253	securityContext:
				254	allowPrivilegeEscalation: false
				255	capabilities:
				256	drop:
				257	- ALL
				258	- args:
				259	- --health-probe-bind-address=:8081
				260	- --metrics-bind-address=127.0.0.1:8080
				261	- --leader-elect
				262	command:
				263	- /manager
Giorgi Lekveishvili	e009a5d	2024-01-05 14:10:11 +0400	[diff] [blame]	264	image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
				265	imagePullPolicy: {{ .Values.image.pullPolicy }}
Giorgi Lekveishvili	ec0f3bb	2023-06-19 18:46:53 +0400	[diff] [blame]	266	livenessProbe:
				267	httpGet:
				268	path: /healthz
				269	port: 8081
				270	initialDelaySeconds: 15
				271	periodSeconds: 20
				272	name: manager
				273	readinessProbe:
				274	httpGet:
				275	path: /readyz
				276	port: 8081
				277	initialDelaySeconds: 5
				278	periodSeconds: 10
				279	resources:
				280	limits:
				281	cpu: 500m
				282	memory: 128Mi
				283	requests:
				284	cpu: 10m
				285	memory: 64Mi
				286	securityContext:
				287	allowPrivilegeEscalation: false
				288	capabilities:
				289	drop:
				290	- ALL
				291	securityContext:
				292	runAsNonRoot: true
				293	serviceAccountName: resource-renderer-controller-manager
				294	terminationGracePeriodSeconds: 10