imfreedom/k8s-cluster

move 10-gemini to kustomize

2021-06-17, Gary Kramlich
890c6103bfac
Parents 42c7a1915a91
Children c757a1b2e383
move 10-gemini to kustomize
--- a/10-gemini.yaml Thu Jun 17 03:10:41 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,103 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: gemini-controller
- namespace: gemini
- labels:
- app: gemini
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: gemini-controller
- labels:
- app: gemini
-rules:
- - apiGroups:
- - gemini.fairwinds.com
- resources:
- - snapshotgroups
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - delete
- - apiGroups:
- - snapshot.storage.k8s.io
- - ''
- resources:
- - volumesnapshots
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - create
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: gemini-controller
- labels:
- app: gemini
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: gemini-controller
-subjects:
- - kind: ServiceAccount
- name: gemini-controller
- namespace: gemini
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: gemini-controller
- namespace: gemini
- labels:
- app: gemini
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: gemini
- template:
- metadata:
- labels:
- app: gemini
- spec:
- serviceAccountName: gemini-controller
- containers:
- - command:
- - gemini
- image: quay.io/fairwinds/gemini:0.1
- imagePullPolicy: Always
- name: gemini-controller
- resources:
- requests:
- memory: 64Mi
- cpu: 25m
- limits:
- memory: 128Mi
- cpu: 100m
- securityContext:
- allowPrivilegeEscalation: false
- privileged: false
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- capabilities:
- drop:
- - ALL
----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/10-gemini/kustomization.yaml Thu Jun 17 03:17:45 2021 -0500
@@ -0,0 +1,7 @@
+---
+namespace: gemini
+commonLabels:
+ app: gemini
+resources:
+ - manifest.yaml
+---
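Review bot: The new kustomization.yaml has no `apiVersion: kustomize.config.k8s.io/v1beta1` / `kind: Kustomization` header, and it ends with a second `---` that opens an empty extra document. Kustomize tolerates the missing header, but declaring it makes the file self-describing to linters and schema validators, and dropping the trailing `---` keeps it a single document. Note also that `commonLabels` is written into the Deployment's `spec.selector`, which is immutable on an existing object. Here it matches the `app: gemini` selector already in manifest.yaml, so this only matters if the label value is ever changed.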
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/10-gemini/manifest.yaml Thu Jun 17 03:17:45 2021 -0500
@@ -0,0 +1,89 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gemini-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: gemini-controller
+rules:
+ - apiGroups:
+ - gemini.fairwinds.com
+ resources:
+ - snapshotgroups
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ - ''
+ resources:
+ - volumesnapshots
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - create
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: gemini-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gemini-controller
+subjects:
+ - kind: ServiceAccount
+ name: gemini-controller
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gemini-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gemini
+ template:
+ spec:
+ serviceAccountName: gemini-controller
+ containers:
+ - command:
+ - gemini
+ image: quay.io/fairwinds/gemini:0.1
+ imagePullPolicy: Always
+ name: gemini-controller
+ resources:
+ requests:
+ memory: 64Mi
+ cpu: 25m
+ limits:
+ memory: 128Mi
+ cpu: 100m
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+---
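Review bot: The ClusterRoleBinding subject in the new manifest.yaml no longer carries `namespace: gemini`, and the API server rejects a ServiceAccount subject that has no namespace. Whether the kustomization's `namespace: gemini` fills that field in for a subject named `gemini-controller` depends on the kustomize version, so I would keep `namespace: gemini` under the subject or check the output of `kustomize build 10-gemini` before applying. The file also carries over `rbac.authorization.k8s.io/v1beta1`, which Kubernetes 1.22 stops serving; both RBAC objects can move to `rbac.authorization.k8s.io/v1` with no other change. Because this account holds cluster-wide delete on PVCs and CRDs, `image: quay.io/fairwinds/gemini:0.1` with `imagePullPolicy: Always` would be safer pinned by digest, e.g. `quay.io/fairwinds/gemini:0.1@sha256:<digest>`.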