From 238d01c5e4c4186000856cac0025a1db07370d0b Mon Sep 17 00:00:00 2001 From: alexlebens Date: Thu, 30 May 2024 11:59:29 -0500 Subject: [PATCH] remove kublet cert --- .../kubelet-serving-cert-approver/Chart.yaml | 13 --- .../kubelet-serving-cert-approver/README.md | 16 ---- .../templates/cluster-role-binding.yaml | 19 ---- .../templates/cluster-role.yaml | 61 ------------- .../templates/deployment.yaml | 88 ------------------- .../templates/namespace.yaml | 10 --- .../templates/role-binding.yaml | 19 ---- .../templates/service-account.yaml | 11 --- .../templates/service.yaml | 20 ----- .../kubelet-serving-cert-approver/values.yaml | 15 ---- 10 files changed, 272 deletions(-) delete mode 100644 charts/kubelet-serving-cert-approver/Chart.yaml delete mode 100644 charts/kubelet-serving-cert-approver/README.md delete mode 100644 charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml delete mode 100644 charts/kubelet-serving-cert-approver/templates/cluster-role.yaml delete mode 100644 charts/kubelet-serving-cert-approver/templates/deployment.yaml delete mode 100644 charts/kubelet-serving-cert-approver/templates/namespace.yaml delete mode 100644 charts/kubelet-serving-cert-approver/templates/role-binding.yaml delete mode 100644 charts/kubelet-serving-cert-approver/templates/service-account.yaml delete mode 100644 charts/kubelet-serving-cert-approver/templates/service.yaml delete mode 100644 charts/kubelet-serving-cert-approver/values.yaml diff --git a/charts/kubelet-serving-cert-approver/Chart.yaml b/charts/kubelet-serving-cert-approver/Chart.yaml deleted file mode 100644 index 60a5cd9..0000000 --- a/charts/kubelet-serving-cert-approver/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -name: kubelet-serving-cert-approver -version: 0.0.4 -description: Kubelet Serving TLS Certificate Signing Request Approver -keywords: - - kubernetes - - certificate -sources: - - https://github.com/alex1989hu/kubelet-serving-cert-approver - - https://github.com/alexlebens/helm-charts/charts/homepage -maintainers: - - name: alexlebens -appVersion: 0.8.1 diff --git a/charts/kubelet-serving-cert-approver/README.md b/charts/kubelet-serving-cert-approver/README.md deleted file mode 100644 index 925fc7d..0000000 --- a/charts/kubelet-serving-cert-approver/README.md +++ /dev/null @@ -1,16 +0,0 @@ -## Introduction - -[Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) - -Kubelet Serving Certificate Approver is a custom approving controller which approves kubernetes.io/kubelet-serving Certificate Signing Request that kubelet use to serve TLS endpoints. - -This chart bootstraps a [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes -- Helm - -## Parameters - -See the [values files](values.yaml). diff --git a/charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml b/charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml deleted file mode 100644 index 47fab8b..0000000 --- a/charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubelet-serving-cert-approver - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "certificates:{{ .Release.Name }}" -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} diff --git a/charts/kubelet-serving-cert-approver/templates/cluster-role.yaml b/charts/kubelet-serving-cert-approver/templates/cluster-role.yaml deleted file mode 100644 index 744a52d..0000000 --- a/charts/kubelet-serving-cert-approver/templates/cluster-role.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "certificates:{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approver -rules: - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/approval - verbs: - - update - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - certificates.k8s.io - resourceNames: - - kubernetes.io/kubelet-serving - resources: - - signers - verbs: - - approve - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "events:{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approverv -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/charts/kubelet-serving-cert-approver/templates/deployment.yaml b/charts/kubelet-serving-cert-approver/templates/deployment.yaml deleted file mode 100644 index 5327ecc..0000000 --- a/charts/kubelet-serving-cert-approver/templates/deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubelet-serving-cert-approver - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approver -spec: - revisionHistoryLimit: 3 - replicas: {{ .Values.deployment.replicas }} - strategy: - type: {{ .Values.deployment.strategy }} - selector: - matchLabels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - - template: - metadata: - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: node-role.kubernetes.io/master - operator: DoesNotExist - - key: node-role.kubernetes.io/control-plane - operator: DoesNotExist - weight: 100 - containers: - - name: {{ .Release.Name }} - image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" - imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }} - ports: - - containerPort: 8080 - name: health - - containerPort: 9090 - name: metrics - args: - - serve - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {{- toYaml .Values.deployment.resources | nindent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: health - initialDelaySeconds: 6 - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - priorityClassName: {{ .Values.deployment.priorityClassName }} - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - serviceAccountName: kubelet-serving-cert-approver - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists diff --git a/charts/kubelet-serving-cert-approver/templates/namespace.yaml b/charts/kubelet-serving-cert-approver/templates/namespace.yaml deleted file mode 100644 index 18e109b..0000000 --- a/charts/kubelet-serving-cert-approver/templates/namespace.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kubelet-serving-cert-approver - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - pod-security.kubernetes.io/audit: restricted - pod-security.kubernetes.io/enforce: restricted - pod-security.kubernetes.io/warn: restricted diff --git a/charts/kubelet-serving-cert-approver/templates/role-binding.yaml b/charts/kubelet-serving-cert-approver/templates/role-binding.yaml deleted file mode 100644 index 94da549..0000000 --- a/charts/kubelet-serving-cert-approver/templates/role-binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "events:{{ .Release.Name }}" - namespace: default - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "events:{{ .Release.Name }}" -subjects: - - kind: ServiceAccount - name: kubelet-serving-cert-approver - namespace: {{ .Release.Name }} diff --git a/charts/kubelet-serving-cert-approver/templates/service-account.yaml b/charts/kubelet-serving-cert-approver/templates/service-account.yaml deleted file mode 100644 index 710325e..0000000 --- a/charts/kubelet-serving-cert-approver/templates/service-account.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubelet-serving-cert-approver - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approver diff --git a/charts/kubelet-serving-cert-approver/templates/service.yaml b/charts/kubelet-serving-cert-approver/templates/service.yaml deleted file mode 100644 index f0fd270..0000000 --- a/charts/kubelet-serving-cert-approver/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kubelet-serving-cert-approver - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: kubelet-serving-cert-approver -spec: - ports: - - name: metrics - port: 9090 - protocol: TCP - targetPort: metrics - selector: - app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/kubelet-serving-cert-approver/values.yaml b/charts/kubelet-serving-cert-approver/values.yaml deleted file mode 100644 index adf6b4b..0000000 --- a/charts/kubelet-serving-cert-approver/values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -deployment: - replicas: 1 - strategy: Recreate - priorityClassName: system-cluster-critical - image: - repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver - tag: main - imagePullPolicy: Always - resources: - limits: - cpu: 250m - memory: 32Mi - requests: - cpu: 10m - memory: 16Mi