V3ckt0r/flux-deployment.yaml

## flux-deployment.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: flux
---
apiVersion: extensions/v1beta1 #apps/v1
kind: Deployment
metadata:
  name: flux
  namespace: flux
spec:
  replicas: 1
  selector:
    matchLabels:
      name: flux
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        prometheus.io.port: "3031" # tell prometheus to scrape /metrics endpoint's port.
      labels:
        name: flux
    spec:
      serviceAccountName: flux
      volumes:
      - name: git-key
        secret:
          secretName: flux-git-deploy
          defaultMode: 0400 # when mounted read-only, we won't be able to chmod
      - name: git-keygen
        emptyDir:
          medium: Memory
      - name: ssh-config
        configMap:
          name: known-hosts #flux-ssh-config
      containers:
      - name: flux
        image: quay.io/weaveworks/flux:1.11.0
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 50m
            memory: 64Mi
        ports:
        - containerPort: 3030 # informational
        volumeMounts:
        - name: git-key
          mountPath: /etc/fluxd/ssh # to match location given in image's /etc/ssh/config
          readOnly: true # this will be the case perforce in K8s >=1.10
        - name: git-keygen
          mountPath: /var/fluxd/keygen # to match location given in image's /etc/ssh/config
        # Include this if you need to mount a customised known_hosts
        # file; you'll also need the volume declared above.
        - name: ssh-config
          mountPath: /root/.ssh
        args:
        - --memcached-hostname=memcached
        - --memcached-service=
        - --ssh-keygen-dir=/var/fluxd/keygen
        - --git-url=git@xxxxxxxxxxxxxxxxxxxxxxxxxx.git
        - --git-branch=master
        - --listen-metrics=:3031
---
# The service account, cluster roles, and cluster role binding are
# only needed for Kubernetes with role-based access control (RBAC).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    name: flux
  name: flux
  namespace: flux
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    name: flux
  name: flux
rules:
  - apiGroups: ['*']
    resources: ['*']
    verbs: ['*']
  - nonResourceURLs: ['*']
    verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  labels:
    name: flux
  name: flux
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flux
subjects:
  - kind: ServiceAccount
    name: flux
    namespace: flux
---
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: known-hosts
  namespace: flux
data:
  known_hosts: |
    xxxxxxxxxxxx,xxx.xxx.xxx.xxx ecdsa-xxxx xxxxxxxx
	---
	apiVersion: v1
	kind: Namespace
	metadata:
	name: flux
	---
	apiVersion: extensions/v1beta1 #apps/v1
	kind: Deployment
	metadata:
	name: flux
	namespace: flux
	spec:
	replicas: 1
	selector:
	matchLabels:
	name: flux
	strategy:
	type: Recreate
	template:
	metadata:
	annotations:
	prometheus.io.port: "3031" # tell prometheus to scrape /metrics endpoint's port.
	labels:
	name: flux
	spec:
	serviceAccountName: flux
	volumes:
	- name: git-key
	secret:
	secretName: flux-git-deploy
	defaultMode: 0400 # when mounted read-only, we won't be able to chmod
	- name: git-keygen
	emptyDir:
	medium: Memory
	- name: ssh-config
	configMap:
	name: known-hosts #flux-ssh-config
	containers:
	- name: flux
	image: quay.io/weaveworks/flux:1.11.0
	imagePullPolicy: IfNotPresent
	resources:
	requests:
	cpu: 50m
	memory: 64Mi
	ports:
	- containerPort: 3030 # informational
	volumeMounts:
	- name: git-key
	mountPath: /etc/fluxd/ssh # to match location given in image's /etc/ssh/config
	readOnly: true # this will be the case perforce in K8s >=1.10
	- name: git-keygen
	mountPath: /var/fluxd/keygen # to match location given in image's /etc/ssh/config
	# Include this if you need to mount a customised known_hosts
	# file; you'll also need the volume declared above.
	- name: ssh-config
	mountPath: /root/.ssh
	args:
	- --memcached-hostname=memcached
	- --memcached-service=
	- --ssh-keygen-dir=/var/fluxd/keygen
	- --git-url=git@xxxxxxxxxxxxxxxxxxxxxxxxxx.git
	- --git-branch=master
	- --listen-metrics=:3031
	---
	# The service account, cluster roles, and cluster role binding are
	# only needed for Kubernetes with role-based access control (RBAC).
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	labels:
	name: flux
	name: flux
	namespace: flux
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRole
	metadata:
	labels:
	name: flux
	name: flux
	rules:
	- apiGroups: ['*']
	resources: ['*']
	verbs: ['*']
	- nonResourceURLs: ['*']
	verbs: ['*']
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	labels:
	name: flux
	name: flux
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: flux
	subjects:
	- kind: ServiceAccount
	name: flux
	namespace: flux
	---
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: known-hosts
	namespace: flux
	data:
	known_hosts: \|
	xxxxxxxxxxxx,xxx.xxx.xxx.xxx ecdsa-xxxx xxxxxxxx