imfreedom/k8s-cluster

Update the allowed groups for pidgin.im xmpp

19 months ago, Gary Kramlich
f3fdd3dab6c1
Update the allowed groups for pidgin.im xmpp

Apparently groups don't matter for the group or in values in hub queries, but
the project name does? I dunno, but this seems to work fine.
# keel.sh is a tool to automatically update deployments when external things
# like image tags change on a registry.
#
# This manifest is a cleaned up version of
# curl "https://sunstone.dev/keel?namespace=keel&username=admin&password=admin&tag=latest"
---
apiVersion: v1
kind: Namespace
metadata:
name: keel
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: keel
namespace: keel
labels:
app: keel
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: keel
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- watch
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
- apiGroups:
- ""
- extensions
- apps
- batch
resources:
- pods
- replicasets
- replicationcontrollers
- statefulsets
- deployments
- daemonsets
- jobs
- cronjobs
verbs:
- get
- delete # required to delete pods during force upgrade of the same tag
- watch
- list
- update
- apiGroups:
- ""
resources:
- configmaps
- pods/portforward
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: keel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: keel
subjects:
- kind: ServiceAccount
name: keel
namespace: keel
---
apiVersion: v1
kind: Service
metadata:
name: keel
namespace: keel
labels:
app: keel
spec:
ports:
- port: 9300
protocol: TCP
name: keel
selector:
app: keel
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keel
namespace: keel
labels:
app: keel
spec:
replicas: 1
selector:
matchLabels:
app: keel
template:
metadata:
labels:
app: keel
spec:
serviceAccountName: keel
containers:
- name: keel
image: keelhq/keel:latest
imagePullPolicy: Always
command: ["/bin/keel"]
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Basic auth (to enable UI/API)
- name: BASIC_AUTH_USER
value: "admin"
- name: BASIC_AUTH_PASSWORD
value: "abc123"
- name: AUTHENTICATED_WEBHOOKS
value: "false"
- name: NOTIFICATION_LEVEL
value: "info"
# Enable insecure registries
- name: INSECURE_REGISTRY
value: "true"
# Our discord bridge
- name: WEBHOOK_ENDPOINT
value: "http://discord-keel-bridge:5000/v1/incoming"
ports:
- containerPort: 9300
livenessProbe:
httpGet:
path: /healthz
port: 9300
initialDelaySeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
---