Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / refs/heads/main / . / charts / env-manager / templates / install.yaml
blob: dd14caf8d5d83b27fa97598c7e99dee8d611c34b [file] [log] [blame]
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]1apiVersion: rbac.authorization.k8s.io/v1
2kind: ClusterRole
3metadata:
Giorgi Lekveishvili9d037332023-07-06 19:48:49 +0400[diff] [blame]4 name: {{ .Values.clusterRoleName }}
Giorgi Lekveishviliefce51f2023-12-12 18:25:48 +0400[diff] [blame]5rules: # TODO(gio): restrict to ns create and dnszone get
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]6- apiGroups:
Giorgi Lekveishviliefce51f2023-12-12 18:25:48 +0400[diff] [blame]7 - "*"
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]8 resources:
Giorgi Lekveishviliefce51f2023-12-12 18:25:48 +0400[diff] [blame]9 - "*"
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]10 verbs:
Giorgi Lekveishviliefce51f2023-12-12 18:25:48 +0400[diff] [blame]11 - "*"
12# - apiGroups:
13# - ""
14# resources:
15# - namespaces
16# verbs:
17# - create
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]18---
19apiVersion: rbac.authorization.k8s.io/v1
20kind: ClusterRoleBinding
21metadata:
Giorgi Lekveishvili9d037332023-07-06 19:48:49 +0400[diff] [blame]22 name: {{ .Values.clusterRoleName }}
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]23roleRef:
24 apiGroup: rbac.authorization.k8s.io
25 kind: ClusterRole
Giorgi Lekveishvili9d037332023-07-06 19:48:49 +0400[diff] [blame]26 name: {{ .Values.clusterRoleName }}
Giorgi Lekveishvili7fb28bf2023-06-24 19:51:16 +0400[diff] [blame]27subjects:
28- kind: ServiceAccount
29 name: default
30 namespace: {{ .Release.Namespace }}
31---
Giorgi Lekveishvilib59a23b2023-06-16 15:49:49 +0400[diff] [blame]32apiVersion: v1
33kind: Secret
34metadata:
35 name: ssh-key
36type: Opaque
37data:
38 private: {{ .Values.sshPrivateKey }}
39---
40apiVersion: v1
41kind: Service
42metadata:
43 name: env-manager
44 namespace: {{ .Release.Namespace }}
45 annotations:
46 metallb.universe.tf/address-pool: local
47spec:
48 type: LoadBalancer
49 selector:
50 app: env-manager
51 ports:
52 - name: http
53 port: 80
54 targetPort: http
55 protocol: TCP
56---
57apiVersion: apps/v1
58kind: Deployment
59metadata:
60 name: env-manager
61 namespace: {{ .Release.Namespace }}
62spec:
63 selector:
64 matchLabels:
65 app: env-manager
66 replicas: 1
67 template:
68 metadata:
69 labels:
70 app: env-manager
71 spec:
72 volumes:
73 - name: ssh-key
74 secret:
75 secretName: ssh-key
76 containers:
77 - name: env-manager
78 image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
79 imagePullPolicy: {{ .Values.image.pullPolicy }}
80 ports:
81 - name: http
82 containerPort: 8080
83 protocol: TCP
84 command:
85 - pcloud-installer
86 - envmanager
Giorgi Lekveishvili06213422023-07-19 21:59:59 +0400[diff] [blame]87 - --repo-addr={{ .Values.repoIP }}:{{ .Values.repoPort }}
88 - --repo-name={{ .Values.repoName }}
Giorgi Lekveishvilib59a23b2023-06-16 15:49:49 +0400[diff] [blame]89 - --ssh-key=/pcloud/ssh-key/private
90 - --port=8080
91 volumeMounts:
92 - name: ssh-key
93 readOnly: true
94 mountPath: /pcloud/ssh-key