alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-04-16 01:01:11 +00:00
parent 8ae5854379
commit 52d7dfcc53
58 changed files with 1939 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
clusters/cl01tl/manifests/secrets-store-csi-driver/CSIDriver-secrets-store.csi.k8s.io.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: secrets-store.csi.k8s.io
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
spec:
podInfoOnMount: true
attachRequired: false
volumeLifecycleModes:
- Ephemeral

27
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRole-secretproviderclasses-admin-role.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: secretproviderclasses-admin-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses
verbs:
- get
- list
- watch
- create
- update
- patch
- delete

65
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRole-secretproviderclasses-role.yaml Normal file
View File

@@ -0,0 +1,65 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secretproviderclasses-role
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses
verbs:
- get
- list
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses/status
verbs:
- get
- patch
- update
- apiGroups:
- storage.k8s.io
resourceNames:
- secrets-store.csi.k8s.io
resources:
- csidrivers
verbs:
- get
- list
- watch

22
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRole-secretproviderclasses-viewer-role.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: secretproviderclasses-viewer-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses
verbs:
- get
- list
- watch

22
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRole-secretproviderclasspodstatuses-viewer-role.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: secretproviderclasspodstatuses-viewer-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses
verbs:
- get
- list
- watch

19
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRole-secrets-store-csi-driver-keep-crds.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secrets-store-csi-driver-keep-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "patch"]

19
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRole-secrets-store-csi-driver-upgrade-crds.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secrets-store-csi-driver-upgrade-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "create", "update", "patch"]

19
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRoleBinding-secretproviderclasses-rolebinding.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretproviderclasses-rolebinding
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretproviderclasses-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: secrets-store-csi-driver

23
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRoleBinding-secrets-store-csi-driver-keep-crds.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secrets-store-csi-driver-keep-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver-keep-crds
namespace: secrets-store-csi-driver
roleRef:
kind: ClusterRole
name: secrets-store-csi-driver-keep-crds
apiGroup: rbac.authorization.k8s.io

23
clusters/cl01tl/manifests/secrets-store-csi-driver/ClusterRoleBinding-secrets-store-csi-driver-upgrade-crds.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secrets-store-csi-driver-upgrade-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver-upgrade-crds
namespace: secrets-store-csi-driver
roleRef:
kind: ClusterRole
name: secrets-store-csi-driver-upgrade-crds
apiGroup: rbac.authorization.k8s.io

180
clusters/cl01tl/manifests/secrets-store-csi-driver/CustomResourceDefinition-secretproviderclasses.secrets-store.csi.x-k8s.io.yaml Normal file
View File

@@ -0,0 +1,180 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: secretproviderclasses.secrets-store.csi.x-k8s.io
spec:
group: secrets-store.csi.x-k8s.io
names:
kind: SecretProviderClass
listKind: SecretProviderClassList
plural: secretproviderclasses
singular: secretproviderclass
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
type: object
type: object
served: true
storage: true
- deprecated: true
deprecationWarning: secrets-store.csi.x-k8s.io/v1alpha1 is deprecated. Use secrets-store.csi.x-k8s.io/v1 instead.
name: v1alpha1
schema:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description: |-
ByPodStatus defines the state of SecretProviderClass as seen by
an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
served: true
storage: false

110
clusters/cl01tl/manifests/secrets-store-csi-driver/CustomResourceDefinition-secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io.yaml Normal file
View File

@@ -0,0 +1,110 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
spec:
group: secrets-store.csi.x-k8s.io
names:
kind: SecretProviderClassPodStatus
listKind: SecretProviderClassPodStatusList
plural: secretproviderclasspodstatuses
singular: secretproviderclasspodstatus
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
status:
description: SecretProviderClassPodStatusStatus defines the observed state of SecretProviderClassPodStatus
properties:
mounted:
type: boolean
objects:
items:
description: SecretProviderClassObject defines the object fetched from external secrets store
properties:
id:
type: string
version:
type: string
type: object
type: array
podName:
type: string
secretProviderClassName:
type: string
targetPath:
type: string
type: object
type: object
served: true
storage: true
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
status:
description: SecretProviderClassPodStatusStatus defines the observed state of SecretProviderClassPodStatus
properties:
mounted:
type: boolean
objects:
items:
description: SecretProviderClassObject defines the object fetched from external secrets store
properties:
id:
type: string
version:
type: string
type: object
type: array
podName:
type: string
secretProviderClassName:
type: string
targetPath:
type: string
type: object
type: object
served: true
storage: false

153
clusters/cl01tl/manifests/secrets-store-csi-driver/DaemonSet-secrets-store-csi-driver.yaml Normal file
View File

@@ -0,0 +1,153 @@
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: secrets-store-csi-driver
namespace: secrets-store-csi-driver
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
spec:
selector:
matchLabels:
app: secrets-store-csi-driver
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
kubectl.kubernetes.io/default-container: secrets-store
spec:
automountServiceAccountToken: true
serviceAccountName: secrets-store-csi-driver
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
containers:
- name: node-driver-registrar
image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70"
args:
- --v=5
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock
imagePullPolicy: IfNotPresent
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources:
limits: {}
requests:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: "registry.k8s.io/csi-secrets-store/driver:v1.5.6@sha256:6df2b3b3817136d2ade3d53306dbbd98385c1c01e8b3c373192c0e5b8d183f7b"
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=/var/run/secrets-store-csi-providers"
- "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--provider-health-check-interval=2m"
- "--max-call-recv-msg-size=4194304"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
ports:
- containerPort: 9808
name: healthz
protocol: TCP
- containerPort: 8095
name: metrics
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 15
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: mountpoint-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: Bidirectional
- name: providers-dir
mountPath: /var/run/secrets-store-csi-providers
- name: providers-dir-0
mountPath: "/etc/kubernetes/secrets-store-csi-providers"
resources:
limits: {}
requests:
cpu: 10m
memory: 100Mi
- name: liveness-probe
image: "registry.k8s.io/sig-storage/livenessprobe:v2.18.0@sha256:c4cc074199c045dd73ab85f28897e2a32f4d6f38ffdba4f3b13b8007ccbd3570"
imagePullPolicy: IfNotPresent
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
- --http-endpoint=0.0.0.0:9808
- -v=2
volumeMounts:
- name: plugin-dir
mountPath: /csi
resources:
limits: {}
requests:
cpu: 10m
memory: 20Mi
volumes:
- name: mountpoint-dir
hostPath:
path: /var/lib/kubelet/pods
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/csi-secrets-store/
type: DirectoryOrCreate
- name: providers-dir
hostPath:
path: /var/run/secrets-store-csi-providers
type: DirectoryOrCreate
- name: providers-dir-0
hostPath:
path: "/etc/kubernetes/secrets-store-csi-providers"
type: DirectoryOrCreate
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists

39
clusters/cl01tl/manifests/secrets-store-csi-driver/Job-secrets-store-csi-driver-keep-crds.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: batch/v1
kind: Job
metadata:
name: secrets-store-csi-driver-keep-crds
namespace: secrets-store-csi-driver
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-weight: "20"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
backoffLimit: 3
template:
metadata:
name: secrets-store-csi-driver-keep-crds
spec:
serviceAccountName: secrets-store-csi-driver-keep-crds
restartPolicy: Never
containers:
- name: crds-keep
image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.5.6@sha256:d40d9212beb62ee0f9f09b75d024ed807816879f38e75eca309497c3df89568c"
args:
- patch
- crd
- secretproviderclasses.secrets-store.csi.x-k8s.io
- secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
- -p
- '{"metadata":{"annotations": {"helm.sh/resource-policy": "keep"}}}'
imagePullPolicy: IfNotPresent
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists

36
clusters/cl01tl/manifests/secrets-store-csi-driver/Job-secrets-store-csi-driver-upgrade-crds.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: batch/v1
kind: Job
metadata:
name: secrets-store-csi-driver-upgrade-crds
namespace: secrets-store-csi-driver
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-weight: "10"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
backoffLimit: 3
template:
metadata:
name: secrets-store-csi-driver-upgrade-crds
spec:
serviceAccountName: secrets-store-csi-driver-upgrade-crds
restartPolicy: Never
containers:
- name: crds-upgrade
image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.5.6@sha256:d40d9212beb62ee0f9f09b75d024ed807816879f38e75eca309497c3df89568c"
args:
- apply
- -f
- crds/
imagePullPolicy: IfNotPresent
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists

16
clusters/cl01tl/manifests/secrets-store-csi-driver/ServiceAccount-secrets-store-csi-driver-keep-crds.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: secrets-store-csi-driver-keep-crds
namespace: secrets-store-csi-driver
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"

16
clusters/cl01tl/manifests/secrets-store-csi-driver/ServiceAccount-secrets-store-csi-driver-upgrade-crds.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: secrets-store-csi-driver-upgrade-crds
namespace: secrets-store-csi-driver
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"

12
clusters/cl01tl/manifests/secrets-store-csi-driver/ServiceAccount-secrets-store-csi-driver.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: secrets-store-csi-driver
namespace: secrets-store-csi-driver
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
app.kubernetes.io/version: "1.5.6"
app: secrets-store-csi-driver
helm.sh/chart: "secrets-store-csi-driver-1.5.6"