Blame - charts/service-transport-controller/templates/install.yaml - pcloud

blob: f79c8ba317e2eb6dd52b090349c39d7d799cad56 [file] [log] [blame]

Giorgi Lekveishvili	e7746c6	2023-07-20 10:07:06 +0400	[diff] [blame]	1	apiVersion: apiextensions.k8s.io/v1
				2	kind: CustomResourceDefinition
				3	metadata:
				4	annotations:
				5	controller-gen.kubebuilder.io/version: v0.9.2
				6	creationTimestamp: null
				7	name: servicetransports.transport.dodo.cloud
				8	spec:
				9	group: transport.dodo.cloud
				10	names:
				11	kind: ServiceTransport
				12	listKind: ServiceTransportList
				13	plural: servicetransports
				14	singular: servicetransport
				15	scope: Namespaced
				16	versions:
				17	- name: v1
				18	schema:
				19	openAPIV3Schema:
				20	description: ServiceTransport is the Schema for the servicetransports API
				21	properties:
				22	apiVersion:
				23	description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
				24	type: string
				25	kind:
				26	description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
				27	type: string
				28	metadata:
				29	type: object
				30	spec:
				31	description: ServiceTransportSpec defines the desired state of ServiceTransport
				32	properties:
				33	ingressClassName:
				34	type: string
				35	port:
				36	description: Foo is an example field of ServiceTransport. Edit servicetransport_types.go to remove/update
				37	type: integer
				38	protocol:
				39	type: string
				40	service:
				41	type: string
				42	sourcePort:
				43	type: integer
				44	type: object
				45	status:
				46	description: ServiceTransportStatus defines the observed state of ServiceTransport
				47	properties:
				48	port:
				49	type: integer
				50	type: object
				51	type: object
				52	served: true
				53	storage: true
				54	subresources:
				55	status: {}
				56	---
				57	apiVersion: v1
				58	kind: ServiceAccount
				59	metadata:
				60	name: tcp-udp-transport-controller-manager
				61	namespace: {{ .Release.Namespace }}
				62	---
				63	apiVersion: rbac.authorization.k8s.io/v1
				64	kind: Role
				65	metadata:
				66	name: tcp-udp-transport-leader-election-role
				67	namespace: {{ .Release.Namespace }}
				68	rules:
				69	- apiGroups:
				70	- ""
				71	resources:
				72	- configmaps
				73	verbs:
				74	- get
				75	- list
				76	- watch
				77	- create
				78	- update
				79	- patch
				80	- delete
				81	- apiGroups:
				82	- coordination.k8s.io
				83	resources:
				84	- leases
				85	verbs:
				86	- get
				87	- list
				88	- watch
				89	- create
				90	- update
				91	- patch
				92	- delete
				93	- apiGroups:
				94	- ""
				95	resources:
				96	- events
				97	verbs:
				98	- create
				99	- patch
				100	---
				101	apiVersion: rbac.authorization.k8s.io/v1
				102	kind: ClusterRole
				103	metadata:
				104	creationTimestamp: null
				105	name: tcp-udp-transport-manager-role
				106	rules:
				107	- apiGroups:
				108	- transport.dodo.cloud
				109	resources:
				110	- servicetransports
				111	verbs:
				112	- create
				113	- delete
				114	- get
				115	- list
				116	- patch
				117	- update
				118	- watch
				119	- apiGroups:
				120	- transport.dodo.cloud
				121	resources:
				122	- servicetransports/finalizers
				123	verbs:
				124	- update
				125	- apiGroups:
				126	- transport.dodo.cloud
				127	resources:
				128	- servicetransports/status
				129	verbs:
				130	- get
				131	- patch
				132	- update
				133	---
				134	apiVersion: rbac.authorization.k8s.io/v1
				135	kind: ClusterRole
				136	metadata:
				137	name: tcp-udp-transport-metrics-reader
				138	rules:
				139	- nonResourceURLs:
				140	- /metrics
				141	verbs:
				142	- get
				143	---
				144	apiVersion: rbac.authorization.k8s.io/v1
				145	kind: ClusterRole
				146	metadata:
				147	name: tcp-udp-transport-proxy-role
				148	rules:
				149	- apiGroups:
				150	- authentication.k8s.io
				151	resources:
				152	- tokenreviews
				153	verbs:
				154	- create
				155	- apiGroups:
				156	- authorization.k8s.io
				157	resources:
				158	- subjectaccessreviews
				159	verbs:
				160	- create
				161	---
				162	apiVersion: rbac.authorization.k8s.io/v1
				163	kind: RoleBinding
				164	metadata:
				165	name: tcp-udp-transport-leader-election-rolebinding
				166	namespace: {{ .Release.Namespace }}
				167	roleRef:
				168	apiGroup: rbac.authorization.k8s.io
				169	kind: Role
				170	name: tcp-udp-transport-leader-election-role
				171	subjects:
				172	- kind: ServiceAccount
				173	name: tcp-udp-transport-controller-manager
				174	namespace: {{ .Release.Namespace }}
				175	---
				176	apiVersion: rbac.authorization.k8s.io/v1
				177	kind: ClusterRoleBinding
				178	metadata:
				179	name: tcp-udp-transport-manager-rolebinding
				180	roleRef:
				181	apiGroup: rbac.authorization.k8s.io
				182	kind: ClusterRole
				183	name: tcp-udp-transport-manager-role
				184	subjects:
				185	- kind: ServiceAccount
				186	name: tcp-udp-transport-controller-manager
				187	namespace: {{ .Release.Namespace }}
				188	---
				189	apiVersion: rbac.authorization.k8s.io/v1
				190	kind: ClusterRoleBinding
				191	metadata:
				192	name: tcp-udp-transport-proxy-rolebinding
				193	roleRef:
				194	apiGroup: rbac.authorization.k8s.io
				195	kind: ClusterRole
				196	name: tcp-udp-transport-proxy-role
				197	subjects:
				198	- kind: ServiceAccount
				199	name: tcp-udp-transport-controller-manager
				200	namespace: {{ .Release.Namespace }}
				201	---
				202	apiVersion: v1
				203	data:
				204	controller_manager_config.yaml: \|
				205	apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
				206	kind: ControllerManagerConfig
				207	health:
				208	healthProbeBindAddress: :8081
				209	metrics:
				210	bindAddress: 127.0.0.1:8080
				211	webhook:
				212	port: 9443
				213	leaderElection:
				214	leaderElect: true
				215	resourceName: 798a733c.dodo.cloud
				216	# leaderElectionReleaseOnCancel defines if the leader should step down volume
				217	# when the Manager ends. This requires the binary to immediately end when the
				218	# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
				219	# speeds up voluntary leader transitions as the new leader don't have to wait
				220	# LeaseDuration time first.
				221	# In the default scaffold provided, the program ends immediately after
				222	# the manager stops, so would be fine to enable this option. However,
				223	# if you are doing or is intended to do any operation such as perform cleanups
				224	# after the manager stops then its usage might be unsafe.
				225	# leaderElectionReleaseOnCancel: true
				226	kind: ConfigMap
				227	metadata:
				228	name: tcp-udp-transport-manager-config
				229	namespace: {{ .Release.Namespace }}
				230	---
				231	apiVersion: v1
				232	kind: Service
				233	metadata:
				234	labels:
				235	control-plane: controller-manager
				236	name: tcp-udp-transport-controller-manager-metrics-service
				237	namespace: {{ .Release.Namespace }}
				238	spec:
				239	ports:
				240	- name: https
				241	port: 8443
				242	protocol: TCP
				243	targetPort: https
				244	selector:
				245	control-plane: controller-manager
				246	---
				247	apiVersion: apps/v1
				248	kind: Deployment
				249	metadata:
				250	labels:
				251	control-plane: controller-manager
				252	name: tcp-udp-transport-controller-manager
				253	namespace: {{ .Release.Namespace }}
				254	spec:
				255	replicas: 1
				256	selector:
				257	matchLabels:
				258	control-plane: controller-manager
				259	template:
				260	metadata:
				261	annotations:
				262	kubectl.kubernetes.io/default-container: manager
				263	labels:
				264	control-plane: controller-manager
				265	spec:
				266	containers:
				267	- args:
				268	- --secure-listen-address=0.0.0.0:8443
				269	- --upstream=http://127.0.0.1:8080/
				270	- --logtostderr=true
				271	- --v=0
				272	image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
				273	name: kube-rbac-proxy
				274	ports:
				275	- containerPort: 8443
				276	name: https
				277	protocol: TCP
				278	resources:
				279	limits:
				280	cpu: 500m
				281	memory: 128Mi
				282	requests:
				283	cpu: 5m
				284	memory: 64Mi
				285	securityContext:
				286	allowPrivilegeEscalation: false
				287	capabilities:
				288	drop:
				289	- ALL
				290	- args:
				291	- --health-probe-bind-address=:8081
				292	- --metrics-bind-address=127.0.0.1:8080
				293	- --leader-elect
				294	command:
				295	- /manager
				296	image: giolekva/service-transport-controller:latest
				297	livenessProbe:
				298	httpGet:
				299	path: /healthz
				300	port: 8081
				301	initialDelaySeconds: 15
				302	periodSeconds: 20
				303	name: manager
				304	readinessProbe:
				305	httpGet:
				306	path: /readyz
				307	port: 8081
				308	initialDelaySeconds: 5
				309	periodSeconds: 10
				310	resources:
				311	limits:
				312	cpu: 500m
				313	memory: 128Mi
				314	requests:
				315	cpu: 10m
				316	memory: 64Mi
				317	securityContext:
				318	allowPrivilegeEscalation: false
				319	capabilities:
				320	drop:
				321	- ALL
				322	securityContext:
				323	runAsNonRoot: true
				324	serviceAccountName: tcp-udp-transport-controller-manager
				325	terminationGracePeriodSeconds: 10