imfreedom/k8s-cluster

Move 50-hub.imfreedom.org to kustomize

2021-06-17, Gary Kramlich
20da8b38faa3
Move 50-hub.imfreedom.org to kustomize
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: gemini-controller
namespace: gemini
labels:
app: gemini
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: gemini-controller
labels:
app: gemini
rules:
- apiGroups:
- gemini.fairwinds.com
resources:
- snapshotgroups
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- snapshot.storage.k8s.io
- ''
resources:
- volumesnapshots
- persistentvolumeclaims
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: gemini-controller
labels:
app: gemini
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gemini-controller
subjects:
- kind: ServiceAccount
name: gemini-controller
namespace: gemini
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gemini-controller
namespace: gemini
labels:
app: gemini
spec:
replicas: 1
selector:
matchLabels:
app: gemini
template:
metadata:
labels:
app: gemini
spec:
serviceAccountName: gemini-controller
containers:
- command:
- gemini
image: quay.io/fairwinds/gemini:0.1
imagePullPolicy: Always
name: gemini-controller
resources:
requests:
memory: 64Mi
cpu: 25m
limits:
memory: 128Mi
cpu: 100m
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL
---