diff --git a/deploy/Makefile b/deploy/Makefile index 8b849e1..b22751a 100644 --- a/deploy/Makefile +++ b/deploy/Makefile @@ -1,4 +1,4 @@ -.PHONY: dev prod inflate +.PHONY: dev prod prod-ovh inflate dev: @kubectl kustomize --enable-helm dev @@ -7,6 +7,10 @@ prod: load-prod-env # go install https://git.netflux.io/rob/envfilesubst@latest @kubectl kustomize --enable-helm prod | envfilesubst -f prod/secrets/env +prod-ovh: + # go install https://git.netflux.io/rob/envfilesubst@latest + @kubectl kustomize --enable-helm prod-ovh + load-prod-env: $(eval include prod/secrets/env) $(eval export) diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 74f268e..444e24b 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -1,15 +1,6 @@ --- resources: -# metrics-server -- inflated/metrics-server/templates/serviceaccount.yaml -- inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml -- inflated/metrics-server/templates/rolebinding.yaml -- inflated/metrics-server/templates/deployment.yaml -- inflated/metrics-server/templates/apiservice.yaml -- inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml -- inflated/metrics-server/templates/service.yaml -- inflated/metrics-server/templates/clusterrole.yaml -- inflated/metrics-server/templates/clusterrolebinding.yaml +- ../minimal-base # ingress-nginx - inflated/ingress-nginx/templates/controller-deployment.yaml - inflated/ingress-nginx/templates/controller-serviceaccount.yaml diff --git a/deploy/minimal-base/inflated/metrics-server/templates/apiservice.yaml b/deploy/minimal-base/inflated/metrics-server/templates/apiservice.yaml new file mode 100644 index 0000000..3059421 --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/apiservice.yaml @@ -0,0 +1,22 @@ +--- +# Source: metrics-server/templates/apiservice.yaml +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1beta1.metrics.k8s.io + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: default + port: 443 + version: v1beta1 + versionPriority: 100 diff --git a/deploy/minimal-base/inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml b/deploy/minimal-base/inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml new file mode 100644 index 0000000..161e158 --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml @@ -0,0 +1,25 @@ +--- +# Source: metrics-server/templates/clusterrole-aggregated-reader.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:metrics-server-aggregated-reader + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch diff --git a/deploy/minimal-base/inflated/metrics-server/templates/clusterrole.yaml b/deploy/minimal-base/inflated/metrics-server/templates/clusterrole.yaml new file mode 100644 index 0000000..33275cc --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/clusterrole.yaml @@ -0,0 +1,30 @@ +--- +# Source: metrics-server/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:metrics-server + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - apiGroups: + - "" + resources: + - pods + - nodes + - namespaces + - configmaps + verbs: + - get + - list + - watch diff --git a/deploy/minimal-base/inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml b/deploy/minimal-base/inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml new file mode 100644 index 0000000..6728b77 --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml @@ -0,0 +1,20 @@ +--- +# Source: metrics-server/templates/clusterrolebinding-auth-delegator.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-server:system:auth-delegator + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: + - kind: ServiceAccount + name: metrics-server + namespace: default diff --git a/deploy/minimal-base/inflated/metrics-server/templates/clusterrolebinding.yaml b/deploy/minimal-base/inflated/metrics-server/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..77bb1c6 --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +--- +# Source: metrics-server/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:metrics-server + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: + - kind: ServiceAccount + name: metrics-server + namespace: default diff --git a/deploy/minimal-base/inflated/metrics-server/templates/deployment.yaml b/deploy/minimal-base/inflated/metrics-server/templates/deployment.yaml new file mode 100644 index 0000000..1208caf --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/deployment.yaml @@ -0,0 +1,77 @@ +--- +# Source: metrics-server/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metrics-server + namespace: default + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + template: + metadata: + labels: + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + spec: + serviceAccountName: metrics-server + priorityClassName: "system-cluster-critical" + containers: + - name: metrics-server + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + image: registry.k8s.io/metrics-server/metrics-server:v0.7.2 + imagePullPolicy: IfNotPresent + args: + - --secure-port=10250 + - --cert-dir=/tmp + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + ports: + - name: https + protocol: TCP + containerPort: 10250 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + initialDelaySeconds: 0 + periodSeconds: 10 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + volumeMounts: + - name: tmp + mountPath: /tmp + resources: + requests: + cpu: 100m + memory: 200Mi + volumes: + - name: tmp + emptyDir: {} diff --git a/deploy/minimal-base/inflated/metrics-server/templates/rolebinding.yaml b/deploy/minimal-base/inflated/metrics-server/templates/rolebinding.yaml new file mode 100644 index 0000000..de374cb --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/rolebinding.yaml @@ -0,0 +1,21 @@ +--- +# Source: metrics-server/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metrics-server-auth-reader + namespace: kube-system + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - kind: ServiceAccount + name: metrics-server + namespace: default diff --git a/deploy/minimal-base/inflated/metrics-server/templates/service.yaml b/deploy/minimal-base/inflated/metrics-server/templates/service.yaml new file mode 100644 index 0000000..d9aae6d --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/service.yaml @@ -0,0 +1,24 @@ +--- +# Source: metrics-server/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: metrics-server + namespace: default + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + appProtocol: https + selector: + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server diff --git a/deploy/minimal-base/inflated/metrics-server/templates/serviceaccount.yaml b/deploy/minimal-base/inflated/metrics-server/templates/serviceaccount.yaml new file mode 100644 index 0000000..3eaeef1 --- /dev/null +++ b/deploy/minimal-base/inflated/metrics-server/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +--- +# Source: metrics-server/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metrics-server + namespace: default + labels: + helm.sh/chart: metrics-server-3.12.2 + app.kubernetes.io/name: metrics-server + app.kubernetes.io/instance: metrics-server + app.kubernetes.io/version: "0.7.2" + app.kubernetes.io/managed-by: Helm diff --git a/deploy/minimal-base/kustomization.yaml b/deploy/minimal-base/kustomization.yaml new file mode 100644 index 0000000..29c1ee0 --- /dev/null +++ b/deploy/minimal-base/kustomization.yaml @@ -0,0 +1,13 @@ +# Minimal version of base/kustomization.yml while migrating. +--- +resources: +# metrics-server +- inflated/metrics-server/templates/serviceaccount.yaml +- inflated/metrics-server/templates/clusterrolebinding-auth-delegator.yaml +- inflated/metrics-server/templates/rolebinding.yaml +- inflated/metrics-server/templates/deployment.yaml +- inflated/metrics-server/templates/apiservice.yaml +- inflated/metrics-server/templates/clusterrole-aggregated-reader.yaml +- inflated/metrics-server/templates/service.yaml +- inflated/metrics-server/templates/clusterrole.yaml +- inflated/metrics-server/templates/clusterrolebinding.yaml