refactor: extract minimal-base

Rob Watson 2025-04-26 11:40:57 +02:00
parent 1fedfbcafb
commit 8a346d2e84
12 changed files with 271 additions and 11 deletions


@ -1,4 +1,4 @@
.PHONY: dev prod inflate
.PHONY: dev prod prod-ovh inflate
dev:
@kubectl kustomize --enable-helm dev
@ -7,6 +7,10 @@ prod: load-prod-env
# go install https://git.netflux.io/rob/envfilesubst@latest
@kubectl kustomize --enable-helm prod | envfilesubst -f prod/secrets/env
prod-ovh:
# go install https://git.netflux.io/rob/envfilesubst@latest
@kubectl kustomize --enable-helm prod-ovh
load-prod-env:
$(eval include prod/secrets/env)
$(eval export)
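Review bot: The new `prod-ovh` recipe copies the `# go install https://git.netflux.io/rob/envfilesubst@latest` comment from `prod` but never pipes through `envfilesubst` and has no `load-prod-env` prerequisite, so the comment is misleading as written. If the prod-ovh overlay contains no placeholders, drop the comment. If it does, the rendered manifests would be emitted unsubstituted, and the recipe should end in `| envfilesubst -f <prod-ovh env file>` as `prod` does. Because the tool reads the secrets env file, the install hint would also be safer naming a tagged release rather than `@latest`.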


@ -1,15 +1,6 @@
---
resources:
# metrics-server
- inflated/metrics-server/templates/serviceaccount.yaml
- inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml
- inflated/metrics-server/templates/rolebinding.yaml
- inflated/metrics-server/templates/deployment.yaml
- inflated/metrics-server/templates/apiservice.yaml
- inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml
- inflated/metrics-server/templates/service.yaml
- inflated/metrics-server/templates/clusterrole.yaml
- inflated/metrics-server/templates/clusterrolebinding.yaml
- ../minimal-base
# ingress-nginx
- inflated/ingress-nginx/templates/controller-deployment.yaml
- inflated/ingress-nginx/templates/controller-serviceaccount.yaml
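Review bot: The `- ../minimal-base` entry replaces nine labelled metrics-server lines, and nothing in this file now says what it pulls in. A one-line comment above it, `# metrics-server (via ../minimal-base)`, would keep the resources list self-describing in the same way as the `# ingress-nginx` group that follows.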


@ -0,0 +1,22 @@
---
# Source: metrics-server/templates/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: default
port: 443
version: v1beta1
versionPriority: 100
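Review bot: `insecureSkipTLSVerify: true` in the APIService spec means the kube-apiserver does not verify the metrics-server serving certificate when it proxies `metrics.k8s.io` requests, so the aggregated API trusts whatever answers on the `metrics-server` Service. This is the chart default and matches the self-generated certificate implied by `--cert-dir=/tmp` in the deployment. Since this file is rendered Helm output, the change belongs in the chart values and a re-inflate rather than a hand edit. Set `apiService.insecureSkipTLSVerify: false` together with `apiService.caBundle` for the CA that signs the serving certificate.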


@ -0,0 +1,25 @@
---
# Source: metrics-server/templates/clusterrole-aggregated-reader.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server-aggregated-reader
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch


@ -0,0 +1,30 @@
---
# Source: metrics-server/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
- namespaces
- configmaps
verbs:
- get
- list
- watch


@ -0,0 +1,20 @@
---
# Source: metrics-server/templates/clusterrolebinding-auth-delegator.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: default
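Review bot: The subject `namespace: default` binds `system:auth-delegator` to a ServiceAccount that lives in the `default` namespace. The same subject is used by the `system:metrics-server` ClusterRoleBinding and the `metrics-server-auth-reader` RoleBinding in this commit. A pod may run as any ServiceAccount in its own namespace, so any principal allowed to create pods in `default` can obtain these cluster-wide permissions. Rendering the chart into a dedicated, access-restricted namespace and re-inflating would keep that ServiceAccount out of reach of ordinary workloads.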


@ -0,0 +1,20 @@
---
# Source: metrics-server/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: default


@ -0,0 +1,77 @@
---
# Source: metrics-server/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: default
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
template:
metadata:
labels:
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
spec:
serviceAccountName: metrics-server
priorityClassName: "system-cluster-critical"
containers:
- name: metrics-server
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: registry.k8s.io/metrics-server/metrics-server:v0.7.2
imagePullPolicy: IfNotPresent
args:
- --secure-port=10250
- --cert-dir=/tmp
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
ports:
- name: https
protocol: TCP
containerPort: 10250
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
initialDelaySeconds: 0
periodSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
volumeMounts:
- name: tmp
mountPath: /tmp
resources:
requests:
cpu: 100m
memory: 200Mi
volumes:
- name: tmp
emptyDir: {}
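Review bot: `image: registry.k8s.io/metrics-server/metrics-server:v0.7.2` pins the image by tag only, and the `resources` block sets `requests` but no `limits`. For a `system-cluster-critical` workload, pinning by digest (`...:v0.7.2@sha256:<digest>`) makes the deployed binary reproducible, and a memory limit bounds the pod's footprint on the node. Both are set through the chart values and a re-inflate, since this file is rendered output. The container `securityContext` is already tight and needs no change.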


@ -0,0 +1,21 @@
---
# Source: metrics-server/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: default


@ -0,0 +1,24 @@
---
# Source: metrics-server/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: default
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
appProtocol: https
selector:
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server


@ -0,0 +1,13 @@
---
# Source: metrics-server/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: default
labels:
helm.sh/chart: metrics-server-3.12.2
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: metrics-server
app.kubernetes.io/version: "0.7.2"
app.kubernetes.io/managed-by: Helm


@ -0,0 +1,13 @@
# Minimal version of base/kustomization.yml while migrating.
---
resources:
# metrics-server
- inflated/metrics-server/templates/serviceaccount.yaml
- inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml
- inflated/metrics-server/templates/rolebinding.yaml
- inflated/metrics-server/templates/deployment.yaml
- inflated/metrics-server/templates/apiservice.yaml
- inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml
- inflated/metrics-server/templates/service.yaml
- inflated/metrics-server/templates/clusterrole.yaml
- inflated/metrics-server/templates/clusterrolebinding.yaml