Update argocd/sealed-secrets/templates/deployment.yaml, argocd/sealed-secrets/Chart.yaml, argocd/sealed-secrets/values.yaml

2022-09-26 15:24:59 +00:00
parent f8e36c7f6b
commit 95db39b91b
3 changed files with 400 additions and 147 deletions


@@ -5,7 +5,7 @@ type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: sealed-secrets
repository: https://bitnami-labs.github.io/sealed-secrets
version: 2.6.9
#dependencies:
#- name: sealed-secrets
# repository: https://bitnami-labs.github.io/sealed-secrets
# version: 2.6.9
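Review bot: Commenting out the `dependencies:` block here (and the whole of values.yaml in the last file section) leaves dead configuration that no longer drives anything, since the controller now appears to come from the static manifest added in this commit. Delete the lines and rely on git history, or keep a single line such as `# sealed-secrets is vendored as a static manifest under templates/`. With the chart dependency gone, upstream fixes no longer arrive through a `version:` bump, so the vendored manifest needs an owner and a recorded upstream release. If a Chart.lock or charts/ directory exists (not visible on this page), it needs the same cleanup.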


@@ -0,0 +1,252 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
rules:
- apiGroups:
- ""
resourceNames:
- sealed-secrets-controller
resources:
- services
verbs:
- get
- apiGroups:
- ""
resourceNames:
- 'http:sealed-secrets-controller:'
- sealed-secrets-controller
resources:
- services/proxy
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-key-admin
name: sealed-secrets-key-admin
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secrets-unsealer
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations: {}
labels:
name: secrets-unsealer
name: secrets-unsealer
rules:
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- get
- list
- watch
- apiGroups:
- bitnami.com
resources:
- sealedsecrets/status
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
minReadySeconds: 30
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: sealed-secrets-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
spec:
containers:
- args: []
command:
- controller
env: []
image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: http
name: sealed-secrets-controller
ports:
- containerPort: 8080
name: http
readinessProbe:
httpGet:
path: /healthz
port: http
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
stdin: false
tty: false
volumeMounts:
- mountPath: /tmp
name: tmp
imagePullSecrets: []
initContainers: []
securityContext:
fsGroup: 65534
serviceAccountName: sealed-secrets-controller
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sealedsecrets.bitnami.com
spec:
group: bitnami.com
names:
kind: SealedSecret
listKind: SealedSecretList
plural: sealedsecrets
singular: sealedsecret
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
ports:
- port: 8080
targetPort: 8080
selector:
name: sealed-secrets-controller
type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-service-proxier
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-key-admin
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
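Review bot: The controller `image:` is hard-coded to the mutable tag `v0.17.5`, while the values file in this same commit carried `tag: v0.18.5`, so this looks like an unintended downgrade of the component that holds the sealing keys. Pin the intended release by digest, e.g. `image: docker.io/bitnami/sealed-secrets-controller:v0.18.5@sha256:<digest-of-reviewed-image>`. The container `securityContext` sets `runAsNonRoot` and `readOnlyRootFilesystem` but not `allowPrivilegeEscalation: false` or `capabilities: {drop: [ALL]}`, and the container has no `resources` requests or limits; I would add both. The `sealed-secrets-service-proxier` RoleBinding grants `services/proxy` `create`/`get` to `system:authenticated`; confirm every authenticated identity in this cluster should reach the controller's HTTP port, or bind a narrower group.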


@@ -1,143 +1,144 @@
sealed-secrets:
kubeVersion: ""
nameOverride: ""
fullnameOverride: ""
namespace: ""
extraDeploy: []
commonAnnotations: {}
image:
registry: docker.io
repository: bitnami/sealed-secrets-controller
tag: v0.18.5
pullPolicy: Always
pullSecrets: []
createController: true
secretName: "sealed-secrets-key"
updateStatus: true
keyrenewperiod: ""
rateLimit: ""
rateLimitBurst: ""
additionalNamespaces: []
command: []
args: []
livenessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
resources:
limits: {}
requests: {}
podSecurityContext:
enabled: true
fsGroup: 65534
containerSecurityContext:
enabled: true
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
automountServiceAccountToken: ""
podLabels: {}
podAnnotations: {}
priorityClassName: ""
runtimeClassName: ""
affinity: {}
nodeSelector: {}
tolerations: []
additionalVolumes: []
additionalVolumeMounts: []
hostNetwork: false
dnsPolicy: ""
service:
type: ClusterIP
port: 8080
nodePort: ""
annotations: {}
ingress:
enabled: false
pathType: ImplementationSpecific
apiVersion: ""
ingressClassName: ""
hostname: sealed-secrets.local
path: /v1/cert.pem
annotations:
tls: false
selfSigned: false
extraHosts: []
extraPaths: []
extraTls: []
secrets: []
networkPolicy:
enabled: false
serviceAccount:
annotations: {}
create: true
labels: {}
name: ""
automountServiceAccountToken: ""
rbac:
create: true
clusterRole: true
labels: {}
pspEnabled: false
metrics:
serviceMonitor:
enabled: false
namespace: ""
labels: {}
annotations: {}
interval: ""
scrapeTimeout: ""
honorLabels: true
metricRelabelings: []
relabelings: []
dashboards:
create: false
labels: {}
namespace: ""
#sealed-secrets:
#
# kubeVersion: ""
# nameOverride: ""
# fullnameOverride: ""
# namespace: ""
# extraDeploy: []
# commonAnnotations: {}
#
# image:
# registry: docker.io
# repository: bitnami/sealed-secrets-controller
# tag: v0.18.5
# pullPolicy: Always
# pullSecrets: []
#
# createController: true
# secretName: "sealed-secrets-key"
# updateStatus: true
# keyrenewperiod: ""
# rateLimit: ""
# rateLimitBurst: ""
# additionalNamespaces: []
# command: []
# args: []
# livenessProbe:
# enabled: true
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
# successThreshold: 1
# readinessProbe:
# enabled: true
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
# successThreshold: 1
# startupProbe:
# enabled: false
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
# successThreshold: 1
#
# customLivenessProbe: {}
#
# customReadinessProbe: {}
#
# customStartupProbe: {}
#
# resources:
# limits: {}
# requests: {}
#
# podSecurityContext:
# enabled: true
# fsGroup: 65534
# containerSecurityContext:
# enabled: true
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1001
#
# automountServiceAccountToken: ""
#
# podLabels: {}
#
# podAnnotations: {}
#
# priorityClassName: ""
#
# runtimeClassName: ""
#
# affinity: {}
#
# nodeSelector: {}
#
# tolerations: []
#
# additionalVolumes: []
#
# additionalVolumeMounts: []
#
# hostNetwork: false
#
# dnsPolicy: ""
#
# service:
# type: ClusterIP
# port: 8080
# nodePort: ""
# annotations: {}
#
# ingress:
# enabled: false
# pathType: ImplementationSpecific
# apiVersion: ""
# ingressClassName: ""
# hostname: sealed-secrets.local
# path: /v1/cert.pem
# annotations:
# tls: false
# selfSigned: false
# extraHosts: []
# extraPaths: []
# extraTls: []
# secrets: []
#
# networkPolicy:
# enabled: false
#
# serviceAccount:
# annotations: {}
# create: true
# labels: {}
# name: ""
# automountServiceAccountToken: ""
#
# rbac:
# create: true
# clusterRole: true
# labels: {}
# pspEnabled: false
#
# metrics:
# serviceMonitor:
# enabled: false
# namespace: ""
# labels: {}
# annotations: {}
# interval: ""
# scrapeTimeout: ""
# honorLabels: true
# metricRelabelings: []
# relabelings: []
# dashboards:
# create: false
# labels: {}
# namespace: ""
#
#