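---
# Source: sealed-secrets/templates/service-account.yaml
# Identity the controller pod runs as (see serviceAccountName in the
# Deployment). Every binding below that names this ServiceAccount is in effect
# a grant to anything able to start a pod with it in kube-system.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sealed-secrets
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
---
# Source: sealed-secrets/templates/cluster-role.yaml
# Cluster-scoped permissions for the controller: read SealedSecrets, write
# their status, manage core Secrets and emit Events.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secrets-unsealer
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
rules:
  - apiGroups:
      - bitnami.com
    resources:
      - sealedsecrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - bitnami.com
    resources:
      - sealedsecrets/status
    verbs:
      - update
  # Full read/write on core Secrets with no resourceNames restriction. Bound
  # through a ClusterRoleBinding below, so it applies in every namespace: the
  # controller's ServiceAccount can read any Secret in the cluster. Treat the
  # controller pod and its token as a high-value asset and audit Secret access
  # made under this identity.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# Source: sealed-secrets/templates/cluster-role-binding.yaml
# Grants secrets-unsealer cluster-wide to the controller ServiceAccount.
# NOTE(review): if SealedSecrets are only used in a few namespaces, a
# namespaced Role/RoleBinding per namespace would narrow this grant; confirm
# what the chart and controller support before changing it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sealed-secrets
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secrets-unsealer
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: sealed-secrets
    namespace: kube-system
---
# Source: sealed-secrets/templates/role.yaml
# Namespaced access to the sealing key material stored in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-key-admin
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
rules:
  # get is limited to the Secret named sealed-secrets-key.
  - apiGroups:
      - ""
    resourceNames:
      - sealed-secrets-key
    resources:
      - secrets
    verbs:
      - get
  # This rule has no resourceNames, so list covers every Secret in
  # kube-system, and a list response carries the full Secret data. The
  # name restriction on the rule above therefore does not limit what this
  # Role can read.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - list
---
# Source: sealed-secrets/templates/role.yaml
# Access to the controller Service through the API server's service proxy.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-service-proxier
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
rules:
  - apiGroups:
      - ""
    resourceNames:
      - sealed-secrets
    resources:
      - services
    verbs:
      - get
  # On services/proxy, get authorises GET and create authorises POST to the
  # controller's http port (8080). The resourceNames pin the target to the
  # sealed-secrets Service only.
  - apiGroups:
      - ""
    resourceNames:
      - 'http:sealed-secrets:'
      - 'http:sealed-secrets:http'
      - sealed-secrets
    resources:
      - services/proxy
    verbs:
      - create
      - get
---
# Source: sealed-secrets/templates/role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-key-admin
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-key-admin
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: sealed-secrets
    namespace: kube-system
---
# Source: sealed-secrets/templates/role-binding.yaml
# The subject is the built-in group system:authenticated, so every
# authenticated identity in the cluster (users and ServiceAccounts alike) can
# send GET and POST requests to the controller's HTTP port via the API server.
# kubeseal relies on this path to fetch the sealing certificate.
# NOTE(review): everything the controller serves on that port must be safe to
# expose to any authenticated caller; if only a few teams seal secrets,
# consider binding a narrower group instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-service-proxier
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-service-proxier
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:authenticated
---
# Source: sealed-secrets/templates/service.yaml
# ClusterIP only: the controller is not published outside the cluster by this
# Service; external callers go through the API server proxy grant above.
apiVersion: v1
kind: Service
metadata:
  name: sealed-secrets
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 8080
      targetPort: http
      nodePort: null
  selector:
    app.kubernetes.io/name: sealed-secrets
    app.kubernetes.io/instance: sealed-secrets
---
# Source: sealed-secrets/templates/deployment.yaml
# Controller workload. This manifest is rendered Helm output: carry any change
# made here into the chart values as well, or the next render will drop it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sealed-secrets
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: sealed-secrets
      app.kubernetes.io/instance: sealed-secrets
  template:
    metadata:
      labels:
        app.kubernetes.io/name: sealed-secrets
        app.kubernetes.io/instance: sealed-secrets
    spec:
      securityContext:
        fsGroup: 65534
      serviceAccountName: sealed-secrets
      containers:
        - name: controller
          command:
            - controller
          args:
            - --update-status
            - --key-prefix
            - "sealed-secrets-key"
          # The tag is mutable and IfNotPresent reuses whatever a node has
          # cached under it. Pinning by digest
          # (...:v0.19.1@sha256:<digest-placeholder>) makes the image that
          # holds cluster-wide Secret access verifiable.
          image: docker.io/bitnami/sealed-secrets-controller:v0.19.1
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: http
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
            httpGet:
              path: /healthz
              port: http
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
            httpGet:
              path: /healthz
              port: http
          # No requests or limits are set, so the pod runs in the BestEffort
          # QoS class and is among the first evicted under node pressure.
          # Size these from observed usage.
          resources:
            limits: {}
            requests: {}
          securityContext:
            # The container already runs as a fixed non-root UID on a
            # read-only root filesystem and listens on an unprivileged port,
            # so it needs neither capabilities nor privilege escalation.
            # Stating that explicitly, together with the runtime's default
            # seccomp profile, limits what a compromised controller process
            # can do on the node.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1001
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            # Only writable path; needed because the root filesystem is
            # read-only.
            - mountPath: /tmp
              name: tmp
      volumes:
        - name: tmp
          emptyDir: {}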