imfreedom/k8s-cluster

Add keel.sh and update stuff to it

2020-12-29, Gary Kramlich
204faf5a72e0
Parents 65ed4ea3275e
Children 36df4c6dba79
Add keel.sh and update stuff to it
4 files changed, 176 insertions(+), 3 deletions(-)
  • +167 -0
    30-keel.yaml
  • +3 -1
    50-nest.pidgin.im.yaml
  • +3 -1
    50-reaperworld.com.yaml
  • +3 -1
    50-wasdead.yaml
    • --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/30-keel.yaml Tue Dec 29 04:14:20 2020 -0600
    @@ -0,0 +1,167 @@
    +# keel.sh is a tool to automatically update deployments when external things
    +# like image tags change on a registry.
    +#
    +# This manifest is a cleaned up version of
    +# curl "https://sunstone.dev/keel?namespace=keel&username=admin&password=admin&tag=latest"
    +---
    +apiVersion: v1
    +kind: Namespace
    +metadata:
    + name: keel
    +---
    +apiVersion: v1
    +kind: ServiceAccount
    +metadata:
    + name: keel
    + namespace: keel
    + labels:
    + app: keel
    +---
    +apiVersion: rbac.authorization.k8s.io/v1
    +kind: ClusterRole
    +metadata:
    + name: keel
    +rules:
    + - apiGroups:
    + - ""
    + resources:
    + - namespaces
    + verbs:
    + - watch
    + - list
    + - apiGroups:
    + - ""
    + resources:
    + - secrets
    + verbs:
    + - get
    + - watch
    + - list
    + - apiGroups:
    + - ""
    + - extensions
    + - apps
    + - batch
    + resources:
    + - pods
    + - replicasets
    + - replicationcontrollers
    + - statefulsets
    + - deployments
    + - daemonsets
    + - jobs
    + - cronjobs
    + verbs:
    + - get
    + - delete # required to delete pods during force upgrade of the same tag
    + - watch
    + - list
    + - update
    + - apiGroups:
    + - ""
    + resources:
    + - configmaps
    + - pods/portforward
    + verbs:
    + - get
    + - create
    + - update
    +---
    +apiVersion: rbac.authorization.k8s.io/v1
    +kind: ClusterRoleBinding
    +metadata:
    + name: keel
    +roleRef:
    + apiGroup: rbac.authorization.k8s.io
    + kind: ClusterRole
    + name: keel
    +subjects:
    + - kind: ServiceAccount
    + name: keel
    + namespace: keel
    +---
    +apiVersion: v1
    +kind: Service
    +metadata:
    + name: keel
    + namespace: keel
    + labels:
    + app: keel
    +spec:
    + type: LoadBalancer
    + ports:
    + - port: 9300
    + targetPort: 9300
    + protocol: TCP
    + name: keel
    + selector:
    + app: keel
    + sessionAffinity: None
    +---
    +apiVersion: apps/v1
    +kind: Deployment
    +metadata:
    + name: keel
    + namespace: keel
    + labels:
    + app: keel
    +spec:
    + replicas: 1
    + selector:
    + matchLabels:
    + app: keel
    + template:
    + metadata:
    + labels:
    + app: keel
    + spec:
    + serviceAccountName: keel
    + containers:
    + - name: keel
    + image: keelhq/keel:latest
    + imagePullPolicy: Always
    + command: ["/bin/keel"]
    + env:
    + - name: NAMESPACE
    + valueFrom:
    + fieldRef:
    + fieldPath: metadata.namespace
    + # Basic auth (to enable UI/API)
    + - name: BASIC_AUTH_USER
    + value: "admin"
    + - name: BASIC_AUTH_PASSWORD
    + value: "abc123"
    + - name: AUTHENTICATED_WEBHOOKS
    + value: "false"
    + - name: NOTIFICATION_LEVEL
    + value: "info"
    + # Enable insecure registries
    + - name: INSECURE_REGISTRY
    + value: "true"
    + ports:
    + - containerPort: 9300
    + livenessProbe:
    + httpGet:
    + path: /healthz
    + port: 9300
    + initialDelaySeconds: 30
    + timeoutSeconds: 10
    + resources:
    + limits:
    + cpu: 100m
    + memory: 128Mi
    + requests:
    + cpu: 50m
    + memory: 64Mi
    +---
    +apiVersion: policy/v1beta1
    +kind: PodDisruptionBudget
    +metadata:
    + name: keel
    + namespace: keel
    +spec:
    + maxUnavailable: 1
    + selector:
    + matchLabels:
    + app: keel
    +---
    --- a/50-nest.pidgin.im.yaml Thu Nov 26 00:15:24 2020 -0600
    +++ b/50-nest.pidgin.im.yaml Tue Dec 29 04:14:20 2020 -0600
    @@ -244,7 +244,9 @@
    labels:
    app: nest
    annotations:
    - tagpull/autoupdate: 15m
    + keel.sh/policy: force
    + keel.sh/trigger: poll
    + keel.sh/pollSchedule: "@every 10m"
    spec:
    replicas: 2
    selector:
    --- a/50-reaperworld.com.yaml Thu Nov 26 00:15:24 2020 -0600
    +++ b/50-reaperworld.com.yaml Tue Dec 29 04:14:20 2020 -0600
    @@ -136,7 +136,9 @@
    labels:
    app: www
    annotations:
    - tagpull/autoupdate: 15m
    + keel.sh/policy: force
    + keel.sh/trigger: poll
    + keel.sh/pollSchedule: "@every 10m"
    spec:
    replicas: 2
    selector:
    --- a/50-wasdead.yaml Thu Nov 26 00:15:24 2020 -0600
    +++ b/50-wasdead.yaml Tue Dec 29 04:14:20 2020 -0600
    @@ -19,7 +19,9 @@
    labels:
    app: wasdead
    annotations:
    - tagpull/autoupdate: 15m
    + keel.sh/policy: force
    + keel.sh/trigger: poll
    + keel.sh/pollSchedule: "@every 10m"
    spec:
    replicas: 1
    selector: