imfreedom/k8s-cluster

d2f5d7dd528c
Parents cbfe2d1cb01f
Children 99ab3ab921d2
Add gemini to our cluster for automatic volume snapshots

Find more information at https://github.com/FairwindsOps/gemini
--- a/00-namespaces.yaml Thu Feb 04 07:46:12 2021 -0600
+++ b/00-namespaces.yaml Mon Feb 22 23:27:31 2021 -0600
@@ -64,3 +64,10 @@
labels:
name: monitoring
---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gemini
+ labels:
+ name: gemini
+---
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/10-gemini.yaml Mon Feb 22 23:27:31 2021 -0600
@@ -0,0 +1,103 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gemini-controller
+ namespace: gemini
+ labels:
+ app: gemini
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: gemini-controller
+ labels:
+ app: gemini
+rules:
+ - apiGroups:
+ - gemini.fairwinds.com
+ resources:
+ - snapshotgroups
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ - ''
+ resources:
+ - volumesnapshots
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - create
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: gemini-controller
+ labels:
+ app: gemini
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gemini-controller
+subjects:
+ - kind: ServiceAccount
+ name: gemini-controller
+ namespace: gemini
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gemini-controller
+ namespace: gemini
+ labels:
+ app: gemini
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gemini
+ template:
+ metadata:
+ labels:
+ app: gemini
+ spec:
+ serviceAccountName: gemini-controller
+ containers:
+ - command:
+ - gemini
+ image: quay.io/fairwinds/gemini:0.1
+ imagePullPolicy: Always
+ name: gemini-controller
+ resources:
+ requests:
+ memory: 64Mi
+ cpu: 25m
+ limits:
+ memory: 128Mi
+ cpu: 100m
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+---
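Review bot: The `gemini-controller` ClusterRole is broader than it needs to be, and the ClusterRoleBinding hands it cluster-wide to the controller's service account. The second rule crosses two apiGroups with two resources, so the intended pairs are not explicit. The third rule allows `delete` on every CustomResourceDefinition, and deleting a CRD also deletes all of its custom resources. Splitting the rules per API group and limiting `get`/`delete` on CRDs with `resourceNames` narrows this; `create` cannot be restricted by name, and the CRD name below is derived from the group and resource in the first rule, so confirm it against what the controller registers. Two smaller items: both RBAC objects use `rbac.authorization.k8s.io/v1beta1`, which is deprecated in favour of `rbac.authorization.k8s.io/v1` and no longer served from Kubernetes 1.22, and `quay.io/fairwinds/gemini:0.1` with `imagePullPolicy: Always` follows a mutable tag, so pinning by digest (`quay.io/fairwinds/gemini@sha256:<digest-placeholder>`) would keep the code running under this role fixed and reviewable.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
# … unchanged: metadata, gemini.fairwinds.com / snapshotgroups rule …
  - apiGroups:
      - snapshot.storage.k8s.io
    resources:
      - volumesnapshots
    verbs:
      - get
      - list
      - create
      - update
      - delete
  - apiGroups:
      - ''
    resources:
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - create
      - update
      - delete
  # create cannot be limited with resourceNames, so it stays in its own rule
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    # name derived from the first rule's group and resource; confirm before applying
    resourceNames:
      - snapshotgroups.gemini.fairwinds.com
    verbs:
      - get
      - delete
```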