Update argocd/sealed-secrets/templates/deployment.yaml, argocd/sealed-secrets/Chart.yaml, argocd/sealed-secrets/values.yaml

2022-09-26 15:24:59 +00:00
parent f8e36c7f6b
commit 95db39b91b
3 changed files with 400 additions and 147 deletions


@@ -5,7 +5,7 @@ type: application
version: 0.0.1 version: 0.0.1
appVersion: 0.0.1 appVersion: 0.0.1
dependencies: #dependencies:
- name: sealed-secrets #- name: sealed-secrets
repository: https://bitnami-labs.github.io/sealed-secrets # repository: https://bitnami-labs.github.io/sealed-secrets
version: 2.6.9 # version: 2.6.9
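Review bot: The chart dependency is disabled by commenting it out rather than deleting it, and the values.yaml section of this commit does the same to the whole `sealed-secrets:` block. The commented lines still name chart version `2.6.9` and image tag `v0.18.5`, neither of which governs what is deployed once the static manifest in templates/deployment.yaml takes over, so a reader checking which controller version runs can be misled. I would delete the dead lines and leave a single pointer such as `# sealed-secrets is deployed from templates/deployment.yaml (static manifest)`. The chart's own `version: 0.0.1` is unchanged although the rendered output changes completely; bumping it would make the switch visible in release history.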


@@ -0,0 +1,252 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
rules:
- apiGroups:
- ""
resourceNames:
- sealed-secrets-controller
resources:
- services
verbs:
- get
- apiGroups:
- ""
resourceNames:
- 'http:sealed-secrets-controller:'
- sealed-secrets-controller
resources:
- services/proxy
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-key-admin
name: sealed-secrets-key-admin
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secrets-unsealer
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations: {}
labels:
name: secrets-unsealer
name: secrets-unsealer
rules:
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- get
- list
- watch
- apiGroups:
- bitnami.com
resources:
- sealedsecrets/status
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
minReadySeconds: 30
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: sealed-secrets-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
spec:
containers:
- args: []
command:
- controller
env: []
image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: http
name: sealed-secrets-controller
ports:
- containerPort: 8080
name: http
readinessProbe:
httpGet:
path: /healthz
port: http
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
stdin: false
tty: false
volumeMounts:
- mountPath: /tmp
name: tmp
imagePullSecrets: []
initContainers: []
securityContext:
fsGroup: 65534
serviceAccountName: sealed-secrets-controller
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sealedsecrets.bitnami.com
spec:
group: bitnami.com
names:
kind: SealedSecret
listKind: SealedSecretList
plural: sealedsecrets
singular: sealedsecret
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
ports:
- port: 8080
targetPort: 8080
selector:
name: sealed-secrets-controller
type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-service-proxier
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-key-admin
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
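Review bot: The Deployment pins `docker.io/bitnami/sealed-secrets-controller:v0.17.5`, which is older than the `v0.18.5` tag carried by the values.yaml that this same commit comments out, so the change appears to downgrade the controller rather than only swap the chart for a static manifest. The image is also referenced by a mutable tag with `imagePullPolicy: Always`, while the pod runs under a ServiceAccount bound to the `secrets-unsealer` ClusterRole (get/list/create/update/delete on secrets cluster-wide); pinning by digest, e.g. `image: docker.io/bitnami/sealed-secrets-controller:v0.18.5@sha256:<DIGEST_PLACEHOLDER>`, keeps a re-pushed tag from changing what runs with those rights. The container `securityContext` could additionally set `allowPrivilegeEscalation: false` and drop all capabilities, and the container has no resource requests or limits. Indentation is lost in this rendering, so the nesting of these fields could not be checked here.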


@@ -1,143 +1,144 @@
sealed-secrets: #sealed-secrets:
#
kubeVersion: "" # kubeVersion: ""
nameOverride: "" # nameOverride: ""
fullnameOverride: "" # fullnameOverride: ""
namespace: "" # namespace: ""
extraDeploy: [] # extraDeploy: []
commonAnnotations: {} # commonAnnotations: {}
#
image: # image:
registry: docker.io # registry: docker.io
repository: bitnami/sealed-secrets-controller # repository: bitnami/sealed-secrets-controller
tag: v0.18.5 # tag: v0.18.5
pullPolicy: Always # pullPolicy: Always
pullSecrets: [] # pullSecrets: []
#
createController: true # createController: true
secretName: "sealed-secrets-key" # secretName: "sealed-secrets-key"
updateStatus: true # updateStatus: true
keyrenewperiod: "" # keyrenewperiod: ""
rateLimit: "" # rateLimit: ""
rateLimitBurst: "" # rateLimitBurst: ""
additionalNamespaces: [] # additionalNamespaces: []
command: [] # command: []
args: [] # args: []
livenessProbe: # livenessProbe:
enabled: true # enabled: true
initialDelaySeconds: 0 # initialDelaySeconds: 0
periodSeconds: 10 # periodSeconds: 10
timeoutSeconds: 1 # timeoutSeconds: 1
failureThreshold: 3 # failureThreshold: 3
successThreshold: 1 # successThreshold: 1
readinessProbe: # readinessProbe:
enabled: true # enabled: true
initialDelaySeconds: 0 # initialDelaySeconds: 0
periodSeconds: 10 # periodSeconds: 10
timeoutSeconds: 1 # timeoutSeconds: 1
failureThreshold: 3 # failureThreshold: 3
successThreshold: 1 # successThreshold: 1
startupProbe: # startupProbe:
enabled: false # enabled: false
initialDelaySeconds: 0 # initialDelaySeconds: 0
periodSeconds: 10 # periodSeconds: 10
timeoutSeconds: 1 # timeoutSeconds: 1
failureThreshold: 3 # failureThreshold: 3
successThreshold: 1 # successThreshold: 1
#
customLivenessProbe: {} # customLivenessProbe: {}
#
customReadinessProbe: {} # customReadinessProbe: {}
#
customStartupProbe: {} # customStartupProbe: {}
#
resources: # resources:
limits: {} # limits: {}
requests: {} # requests: {}
#
podSecurityContext: # podSecurityContext:
enabled: true # enabled: true
fsGroup: 65534 # fsGroup: 65534
containerSecurityContext: # containerSecurityContext:
enabled: true # enabled: true
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1001 # runAsUser: 1001
#
automountServiceAccountToken: "" # automountServiceAccountToken: ""
#
podLabels: {} # podLabels: {}
#
podAnnotations: {} # podAnnotations: {}
#
priorityClassName: "" # priorityClassName: ""
#
runtimeClassName: "" # runtimeClassName: ""
#
affinity: {} # affinity: {}
#
nodeSelector: {} # nodeSelector: {}
#
tolerations: [] # tolerations: []
#
additionalVolumes: [] # additionalVolumes: []
#
additionalVolumeMounts: [] # additionalVolumeMounts: []
#
hostNetwork: false # hostNetwork: false
#
dnsPolicy: "" # dnsPolicy: ""
#
service: # service:
type: ClusterIP # type: ClusterIP
port: 8080 # port: 8080
nodePort: "" # nodePort: ""
annotations: {} # annotations: {}
#
ingress: # ingress:
enabled: false # enabled: false
pathType: ImplementationSpecific # pathType: ImplementationSpecific
apiVersion: "" # apiVersion: ""
ingressClassName: "" # ingressClassName: ""
hostname: sealed-secrets.local # hostname: sealed-secrets.local
path: /v1/cert.pem # path: /v1/cert.pem
annotations: # annotations:
tls: false # tls: false
selfSigned: false # selfSigned: false
extraHosts: [] # extraHosts: []
extraPaths: [] # extraPaths: []
extraTls: [] # extraTls: []
secrets: [] # secrets: []
#
networkPolicy: # networkPolicy:
enabled: false # enabled: false
#
serviceAccount: # serviceAccount:
annotations: {} # annotations: {}
create: true # create: true
labels: {} # labels: {}
name: "" # name: ""
automountServiceAccountToken: "" # automountServiceAccountToken: ""
#
rbac: # rbac:
create: true # create: true
clusterRole: true # clusterRole: true
labels: {} # labels: {}
pspEnabled: false # pspEnabled: false
#
metrics: # metrics:
serviceMonitor: # serviceMonitor:
enabled: false # enabled: false
namespace: "" # namespace: ""
labels: {} # labels: {}
annotations: {} # annotations: {}
interval: "" # interval: ""
scrapeTimeout: "" # scrapeTimeout: ""
honorLabels: true # honorLabels: true
metricRelabelings: [] # metricRelabelings: []
relabelings: [] # relabelings: []
dashboards: # dashboards:
create: false # create: false
labels: {} # labels: {}
namespace: "" # namespace: ""
#
#