
---
# Source: sealed-secrets/templates/service-account.yaml
# Identity the controller pod runs as (the Deployment in this file sets
# serviceAccountName: sealed-secrets). The bindings in this file attach the
# cluster-wide secrets-unsealer ClusterRole and the kube-system
# sealed-secrets-key-admin Role to it, so anything able to run as or
# impersonate this account inherits read/write access to Secrets.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sealed-secrets
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
---
# Source: sealed-secrets/templates/cluster-role.yaml
# Cluster-scoped permissions for the controller: watch SealedSecret objects,
# write their status, manage core Secrets, and emit Events.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secrets-unsealer
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
rules:
  # Read-only view of the SealedSecret custom resources.
  - apiGroups: [bitnami.com]
    resources: [sealedsecrets]
    verbs: [get, list, watch]
  # Status subresource only; the spec of a SealedSecret is never written.
  - apiGroups: [bitnami.com]
    resources: [sealedsecrets/status]
    verbs: [update]
  # Full read/write on core Secrets with no resourceNames filter. Because
  # this is a ClusterRole bound by a ClusterRoleBinding, it applies in every
  # namespace: a compromise of the controller's ServiceAccount exposes every
  # Secret in the cluster. Keep audit logging on for this account and limit
  # who can create pods or exec in kube-system.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, create, update, delete, watch]
  # Events are write-only here (no get/list).
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
---
# Source: sealed-secrets/templates/cluster-role-binding.yaml
# Grants the secrets-unsealer ClusterRole to the controller's ServiceAccount
# across all namespaces. The only subject is kube-system/sealed-secrets;
# adding further subjects here would hand them cluster-wide Secret access.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sealed-secrets
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secrets-unsealer
subjects:
  - kind: ServiceAccount
    name: sealed-secrets
    namespace: kube-system
    apiGroup: ""
---
# Source: sealed-secrets/templates/role.yaml
# Namespaced permissions on Secrets in kube-system, where the controller is
# deployed with --key-prefix sealed-secrets-key.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-key-admin
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
rules:
  # get is pinned to the single Secret named sealed-secrets-key.
  - apiGroups: [""]
    resourceNames: [sealed-secrets-key]
    resources: [secrets]
    verbs: [get]
  # create and list carry no resourceNames filter. A list response contains
  # full Secret objects, so this rule on its own permits reading every
  # Secret in kube-system, not only the sealing keys.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [create, list]
---
# Source: sealed-secrets/templates/role.yaml
# Allows reaching the sealed-secrets Service through the API server's
# service proxy. The matching RoleBinding in this file grants it to the
# system:authenticated group.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sealed-secrets-service-proxier
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
rules:
  # Read the Service object itself, by name only.
  - apiGroups: [""]
    resourceNames: [sealed-secrets]
    resources: [services]
    verbs: [get]
  # Proxy subresource: get and create correspond to HTTP GET and POST sent
  # to the controller's http port via the API server. The three names are
  # the scheme:name:port spellings of the same Service.
  - apiGroups: [""]
    resourceNames:
      - 'http:sealed-secrets:'
      - 'http:sealed-secrets:http'
      - sealed-secrets
    resources: [services/proxy]
    verbs: [create, get]
---
# Source: sealed-secrets/templates/role-binding.yaml
# Binds the kube-system key-admin Role to the controller's ServiceAccount
# and to nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-key-admin
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-key-admin
subjects:
  - kind: ServiceAccount
    name: sealed-secrets
    namespace: kube-system
    apiGroup: ""
---
# Source: sealed-secrets/templates/role-binding.yaml
# The subject is the built-in system:authenticated group, i.e. every
# principal the API server has authenticated, service accounts included.
# All of them may send GET and POST requests to the controller's HTTP port
# through the service proxy. Treat everything the controller serves on that
# port as readable and invocable cluster-wide; bind a narrower group here
# if that exposure is wider than intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sealed-secrets-service-proxier
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-service-proxier
subjects:
  - kind: Group
    name: 'system:authenticated'
    apiGroup: rbac.authorization.k8s.io
---
# Source: sealed-secrets/templates/service.yaml
# In-cluster endpoint for the controller's HTTP port. type ClusterIP keeps
# it off node ports and load balancers; access from outside the cluster goes
# through the API server's service proxy, gated by RBAC.
# NOTE(review): no NetworkPolicy appears in this manifest, so pod-to-pod
# access to port 8080 depends on cluster-wide policy; confirm.
apiVersion: v1
kind: Service
metadata:
  name: sealed-secrets
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: sealed-secrets
    app.kubernetes.io/instance: sealed-secrets
  ports:
    - name: http
      port: 8080
      # Resolves to the container port named http in the Deployment.
      targetPort: http
      nodePort: null
---
# Source: sealed-secrets/templates/deployment.yaml
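# Runs the sealed-secrets controller under the sealed-secrets ServiceAccount,
# which this file binds to cluster-wide Secret read/write. The container
# security context is therefore tightened beyond what the rendered chart
# emitted: privilege escalation is disabled and all capabilities are dropped.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sealed-secrets
  namespace: kube-system
  labels:
    app.kubernetes.io/name: sealed-secrets
    helm.sh/chart: sealed-secrets-2.7.0
    app.kubernetes.io/instance: sealed-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.19.1
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: sealed-secrets
      app.kubernetes.io/instance: sealed-secrets
  template:
    metadata:
      labels:
        app.kubernetes.io/name: sealed-secrets
        app.kubernetes.io/instance: sealed-secrets
    spec:
      # NOTE(review): no seccompProfile is set at pod or container level;
      # consider RuntimeDefault where the cluster version supports it.
      securityContext:
        fsGroup: 65534
      serviceAccountName: sealed-secrets
      containers:
        - name: controller
          command:
            - controller
          args:
            - --update-status
            - --key-prefix
            - "sealed-secrets-key"
          # NOTE(review): the image is referenced by a mutable tag. Pinning
          # it by digest (image@sha256:<digest-placeholder>) ensures the
          # controller that holds Secret access is the build that was vetted.
          image: docker.io/bitnami/sealed-secrets-controller:v0.19.1
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: http
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
            httpGet:
              path: /healthz
              port: http
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
            httpGet:
              path: /healthz
              port: http
          # NOTE(review): requests and limits are both empty, so the pod runs
          # as BestEffort QoS and is among the first evicted under node
          # pressure; set values that fit the cluster.
          resources:
            limits: {}
            requests: {}
          securityContext:
            # The process listens on unprivileged port 8080 as UID 1001, so
            # it needs no added capabilities and no setuid escalation path.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1001
          volumeMounts:
            # Writable scratch space, required because the root filesystem
            # is mounted read-only.
            - mountPath: /tmp
              name: tmp
      volumes:
        - name: tmp
          emptyDir: {}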