Last active
October 30, 2023 19:05
-
-
Save ismailbay/13ead7f4a3147ef82b455d839a632b91 to your computer and use it in GitHub Desktop.
csr-approver-standalone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Source: kubelet-csr-approver/templates/serviceaccount.yaml | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: kubelet-csr-approver | |
| namespace: kube-system | |
| labels: | |
| helm.sh/chart: kubelet-csr-approver-1.0.5 | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| app.kubernetes.io/version: "v1.0.5" | |
| app.kubernetes.io/managed-by: Helm | |
| --- | |
| # Source: kubelet-csr-approver/templates/clusterrole.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: kubelet-csr-approver | |
| rules: | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resources: | |
| - leases | |
| verbs: | |
| - create | |
| - get | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - certificates.k8s.io | |
| resources: | |
| - certificatesigningrequests | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - certificates.k8s.io | |
| resources: | |
| - certificatesigningrequests/approval | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - certificates.k8s.io | |
| resourceNames: | |
| - kubernetes.io/kubelet-serving | |
| resources: | |
| - signers | |
| verbs: | |
| - approve | |
| --- | |
| # Source: kubelet-csr-approver/templates/rolebinding.yaml | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: kubelet-csr-approver | |
| namespace: kube-system | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: kubelet-csr-approver | |
| subjects: | |
| - kind: ServiceAccount | |
| name: kubelet-csr-approver | |
| namespace: kube-system | |
| --- | |
| # Source: kubelet-csr-approver/templates/service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: kubelet-csr-approver | |
| namespace: kube-system | |
| labels: | |
| helm.sh/chart: kubelet-csr-approver-1.0.5 | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| app.kubernetes.io/version: "v1.0.5" | |
| app.kubernetes.io/managed-by: Helm | |
| annotations: | |
| prometheus.io/port: '8080' | |
| prometheus.io/scrape: 'true' | |
| spec: | |
| type: ClusterIP | |
| ports: | |
| - port: 8080 | |
| targetPort: metrics | |
| protocol: TCP | |
| name: metrics | |
| selector: | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| --- | |
| # Source: kubelet-csr-approver/templates/deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: kubelet-csr-approver | |
| namespace: kube-system | |
| labels: | |
| helm.sh/chart: kubelet-csr-approver-1.0.5 | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| app.kubernetes.io/version: "v1.0.5" | |
| app.kubernetes.io/managed-by: Helm | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| template: | |
| metadata: | |
| labels: | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| spec: | |
| serviceAccountName: kubelet-csr-approver | |
| securityContext: | |
| {} | |
| containers: | |
| - name: kubelet-csr-approver | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - all | |
| privileged: false | |
| readOnlyRootFilesystem: true | |
| runAsGroup: 65532 | |
| runAsNonRoot: true | |
| runAsUser: 65532 | |
| seccompProfile: | |
| type: RuntimeDefault | |
| image: "ghcr.io/postfinance/kubelet-csr-approver:v1.0.5" | |
| imagePullPolicy: IfNotPresent | |
| args: | |
| - -metrics-bind-address | |
| - ":8080" | |
| - -health-probe-bind-address | |
| - ":8081" | |
| - -leader-election | |
| env: | |
| - name: PROVIDER_REGEX | |
| value: ^k8s-dd?$ | |
| - name: BYPASS_DNS_RESOLUTION | |
| value: "true" | |
| - name: ALLOWED_DNS_NAMES | |
| value: "1" | |
| ports: | |
| - name: metrics | |
| containerPort: 8080 | |
| protocol: TCP | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 8081 | |
| resources: | |
| limits: | |
| cpu: 500m | |
| memory: 128Mi | |
| requests: | |
| cpu: 100m | |
| memory: 64Mi | |
| tolerations: | |
| - effect: NoSchedule | |
| key: node-role.kubernetes.io/control-plane | |
| operator: Equal | |
| --- | |
| # Source: kubelet-csr-approver/templates/tests/test-connection.yaml | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: "kubelet-csr-approver-test-connection" | |
| namespace: kube-system | |
| labels: | |
| helm.sh/chart: kubelet-csr-approver-1.0.5 | |
| app.kubernetes.io/name: kubelet-csr-approver | |
| app.kubernetes.io/instance: kubelet-csr-approver | |
| app.kubernetes.io/version: "v1.0.5" | |
| app.kubernetes.io/managed-by: Helm | |
| annotations: | |
| "helm.sh/hook": test | |
| spec: | |
| containers: | |
| - name: wget | |
| image: busybox | |
| command: | |
| - /bin/sh | |
| - -c | |
| - | | |
| sleep 10 ; wget -O- -S kubelet-csr-approver:8080/metrics | |
| restartPolicy: Never |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment