alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

convert to use app-template

Browse Source
This commit is contained in:
Alex Lebens
2024-05-29 12:03:01 -05:00
parent dcc111a531
commit 3df9f363fc
6 changed files with 196 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
clusters/cl01tl/standalone/kubelet-serving-cert-approver/Chart.yaml
View File

@@ -1,11 +1,18 @@
apiVersion: v2
name: kubelet-serving-cert-approver
version: 0.0.3
version: 1.0.0
description: Kubelet Serving TLS Certificate Signing Request Approver
keywords:
- kubernetes
- certificate
sources:
- https://github.com/alex1989hu/kubelet-serving-cert-approver
- https://github.com/alexlebens/helm-charts/charts/homepage
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: kubelet-serving-cert-approver
version: 0.0.4
repository: http://alexlebens.github.io/helm-charts
appVersion: 0.8.1
- name: app-template
alias: kubelet-serving-cert-approver
repository: https://bjw-s.github.io/helm-charts/
version: 3.2.1
appVersion: 0.8.3

19
clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubelet-serving-cert-approver
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "certificates:{{ .Release.Name }}"
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}

61
clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role.yaml Normal file
View File

@@ -0,0 +1,61 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "certificates:{{ .Release.Name }}"
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- get
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests/approval
verbs:
- update
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kubelet-serving
resources:
- signers
verbs:
- approve
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "events:{{ .Release.Name }}"
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

10
clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubelet-serving-cert-approver
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted

19
clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/role-binding.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "events:{{ .Release.Name }}"
namespace: default
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: kubelet-serving-cert-approver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "events:{{ .Release.Name }}"
subjects:
- kind: ServiceAccount
name: kubelet-serving-cert-approver
namespace: {{ .Release.Name }}

74
clusters/cl01tl/standalone/kubelet-serving-cert-approver/values.yaml Normal file
View File

@@ -0,0 +1,74 @@
kubelet-serving-cert-approver:
defaultPodOptions:
priorityClassName: system-cluster-critical
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: DoesNotExist
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
weight: 100
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
tag: v0.8.3
pullPolicy: Always
args:
- serve
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
serviceAccount:
create: true
service:
main:
controller: main
ports:
health:
port: 8080
targetPort: 8080
protocol: HTTP
main:
controller: main
ports:
metrics:
port: 9090
targetPort: 9090
protocol: HTTP