infrastructure/clusters/cl01tl/manifests/kubelet-serving-cert-approver/kubelet-serving-cert-approver.yaml


---
# Source: kubelet-serving-cert-approver/templates/namespace.yaml
# Dedicated namespace for the CSR approver. All three Pod Security Admission
# modes use the "restricted" profile: non-compliant pods are rejected
# (enforce) and also reported (audit, warn).
# NOTE(review): no pod-security.kubernetes.io/*-version labels are set, so the
# profile follows the "latest" policy version of the cluster applying this.
apiVersion: v1
kind: Namespace
metadata:
  name: kubelet-serving-cert-approver
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/part-of: kubelet-serving-cert-approver
---
# Source: kubelet-serving-cert-approver/charts/kubelet-serving-cert-approver/templates/common.yaml
---
# Identity the approver pod runs as. The ClusterRoleBinding and RoleBinding
# documents in this file attach its RBAC permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubelet-serving-cert-approver
  namespace: kubelet-serving-cert-approver
  labels:
    helm.sh/chart: kubelet-serving-cert-approver-4.4.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
# NOTE(review): this lists a statically defined service-account-token Secret.
# Tokens in such Secrets do not expire. Confirm something actually consumes it;
# the pod itself gets a token through automountServiceAccountToken.
secrets:
  - name: kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token
---
# Source: kubelet-serving-cert-approver/charts/kubelet-serving-cert-approver/templates/common.yaml
# Asks the control plane to populate this Secret with a token for the
# ServiceAccount named in the annotation below.
# NOTE(review): a kubernetes.io/service-account-token Secret holds a
# non-expiring bearer token. It stays valid until the Secret or the
# ServiceAccount is deleted. Anyone able to read Secrets in this namespace
# obtains the approver's identity, which is bound cluster-wide to CSR approval
# for the kubelet-serving signer. Keep it only if a consumer outside the pod
# needs it, and restrict `get`/`list` on Secrets in this namespace.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token
  namespace: kubelet-serving-cert-approver
  annotations:
    kubernetes.io/service-account.name: kubelet-serving-cert-approver
  labels:
    helm.sh/chart: kubelet-serving-cert-approver-4.4.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
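---
# Source: kubelet-serving-cert-approver/templates/cluster-role.yaml
# Permissions the approver needs to act on CertificateSigningRequests.
# ClusterRole is cluster-scoped, so metadata.namespace is omitted: it has no
# effect and would wrongly suggest the grant is confined to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: certificates-kubelet-serving-cert-approver
  labels:
    app.kubernetes.io/name: certificates-kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/part-of: kubelet-serving-cert-approver
rules:
  # Read access to every CSR in the cluster (CSRs are cluster-scoped).
  - apiGroups:
      - certificates.k8s.io
    resources:
      - certificatesigningrequests
    verbs:
      - get
      - list
      - watch
  # Write access to the approval subresource only. The CSR spec and the issued
  # certificate (status) are not writable through this role.
  - apiGroups:
      - certificates.k8s.io
    resources:
      - certificatesigningrequests/approval
    verbs:
      - update
  # Lets the controller ask the API server authorization questions.
  # NOTE(review): presumably used to check the requesting node's permissions
  # before approving; confirm against the controller's documentation.
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
  # Limits the `approve` verb to the kubelet-serving signer, so this identity
  # cannot approve CSRs addressed to any other signer (for example client
  # certificate signers).
  - apiGroups:
      - certificates.k8s.io
    resourceNames:
      - kubernetes.io/kubelet-serving
    resources:
      - signers
    verbs:
      - approve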
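---
# Source: kubelet-serving-cert-approver/templates/cluster-role.yaml
# Permission to record Events. In this file the role is referenced only by a
# namespaced RoleBinding, so the effective grant is limited to that namespace.
# ClusterRole is cluster-scoped, so metadata.namespace is omitted (no effect).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: events-kubelet-serving-cert-approver
  labels:
    app.kubernetes.io/name: events-kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/part-of: kubelet-serving-cert-approver
rules:
  # "" is the core API group. Only create/patch: no read or delete of Events.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch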
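---
# Source: kubelet-serving-cert-approver/templates/cluster-role-binding.yaml
# Cluster-wide grant of the CSR read/approve role to the approver's
# ServiceAccount. Any holder of that ServiceAccount's token can approve
# pending CSRs for the kubelet-serving signer, so pod-create and Secret-read
# rights in the subject's namespace are equivalent to this privilege.
# ClusterRoleBinding is cluster-scoped, so metadata.namespace is omitted: it
# has no effect and would make the binding look namespaced.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubelet-serving-cert-approver
  labels:
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/part-of: kubelet-serving-cert-approver
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: certificates-kubelet-serving-cert-approver
subjects:
  # The namespace is required here: it identifies the ServiceAccount and does
  # not scope the binding.
  - kind: ServiceAccount
    name: kubelet-serving-cert-approver
    namespace: kubelet-serving-cert-approver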
---
# Source: kubelet-serving-cert-approver/templates/role-binding.yaml
# Namespaced binding of the events ClusterRole: the approver may create/patch
# Events only inside the kubelet-serving-cert-approver namespace. Referencing a
# ClusterRole from a RoleBinding reuses the rule set without granting it
# cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: events-kubelet-serving-cert-approver
  namespace: kubelet-serving-cert-approver
  labels:
    app.kubernetes.io/part-of: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/name: events-kubelet-serving-cert-approver
subjects:
  - kind: ServiceAccount
    namespace: kubelet-serving-cert-approver
    name: kubelet-serving-cert-approver
roleRef:
  kind: ClusterRole
  name: events-kubelet-serving-cert-approver
  apiGroup: rbac.authorization.k8s.io
---
# Source: kubelet-serving-cert-approver/charts/kubelet-serving-cert-approver/templates/common.yaml
# In-cluster (ClusterIP) endpoint for the approver's health and metrics ports.
# NOTE(review): this file defines no NetworkPolicy, so reachability of these
# ports from other workloads depends on cluster-level policy. Confirm that
# only the monitoring stack needs them.
apiVersion: v1
kind: Service
metadata:
  name: kubelet-serving-cert-approver
  namespace: kubelet-serving-cert-approver
  labels:
    helm.sh/chart: kubelet-serving-cert-approver-4.4.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/service: kubelet-serving-cert-approver
spec:
  type: ClusterIP
  # Must match the pod template labels of the Deployment in this file.
  selector:
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/controller: main
  ports:
    - name: health
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: metrics
      protocol: TCP
      port: 9090
      targetPort: 9090
---
# Source: kubelet-serving-cert-approver/charts/kubelet-serving-cert-approver/templates/common.yaml
# Single-replica controller that runs under the approver ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubelet-serving-cert-approver
  namespace: kubelet-serving-cert-approver
  labels:
    helm.sh/chart: kubelet-serving-cert-approver-4.4.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: kubelet-serving-cert-approver
    app.kubernetes.io/controller: main
spec:
  replicas: 1
  revisionHistoryLimit: 3
  # Recreate stops the old pod before starting the new one, so no approver
  # runs for the duration of a rollout.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: kubelet-serving-cert-approver
      app.kubernetes.io/instance: kubelet-serving-cert-approver
      app.kubernetes.io/controller: main
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kubelet-serving-cert-approver
        app.kubernetes.io/instance: kubelet-serving-cert-approver
        app.kubernetes.io/controller: main
      annotations:
        # Quoted so the hex digest can never be read as a number.
        checksum/secrets: "591a33eca0bc5c4a8475d0538f3f4840841582c86a3ac2c97147b2b00e5774c5"
    spec:
      serviceAccountName: kubelet-serving-cert-approver
      # The controller talks to the API server, so it needs a token mounted.
      automountServiceAccountToken: true
      enableServiceLinks: false
      priorityClassName: system-cluster-critical
      dnsPolicy: ClusterFirst
      # No sharing of host namespaces.
      hostNetwork: false
      hostPID: false
      hostIPC: false
      # Pod-level identity: unprivileged UID/GID 65534 and the runtime's
      # default seccomp filter. Together with the container securityContext
      # below, this matches the "restricted" profile the namespace enforces.
      securityContext:
        runAsUser: 65534
        runAsGroup: 65534
        fsGroup: 65534
        seccompProfile:
          type: RuntimeDefault
      # Soft preference for non-control-plane nodes. The tolerations below
      # still permit scheduling onto control-plane nodes when nothing else fits.
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: DoesNotExist
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      containers:
        - name: main
          # NOTE(review): the image is referenced by tag only, and
          # imagePullPolicy Always re-resolves that tag on every pod start.
          # If the tag is re-pushed, different code runs with CSR-approval
          # rights. Consider pinning as <tag>@sha256:<digest> (placeholder;
          # take the digest from the verified release).
          image: ghcr.io/alex1989hu/kubelet-serving-cert-approver:0.10.0
          imagePullPolicy: Always
          args:
            - serve
          env:
            # Downward API: passes the pod's own namespace to the process.
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # NOTE(review): requests only, no limits are set.
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
          securityContext:
            runAsNonRoot: true
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL