Skip to content

Instantly share code, notes, and snippets.

@kahootali
Created March 6, 2020 11:57
Show Gist options
  • Save kahootali/7d3ec527bde61db3c5a261c3dc6a67f6 to your computer and use it in GitHub Desktop.
Save kahootali/7d3ec527bde61db3c5a261c3dc6a67f6 to your computer and use it in GitHub Desktop.
Gist containing Vanilla manifest to deploy Sealed Secrets Controller
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
spec:
minReadySeconds: 30
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: sealed-secrets-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
spec:
containers:
- args:
- "--all-namespaces=false"
command:
- controller
env: []
image: quay.io/bitnami/sealed-secrets-controller:v0.10.0
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: http
name: sealed-secrets-controller
ports:
- containerPort: 8080
name: http
readinessProbe:
httpGet:
path: /healthz
port: http
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
stdin: false
tty: false
volumeMounts:
- mountPath: /tmp
name: tmp
imagePullSecrets: []
initContainers: []
serviceAccountName: sealed-secrets-controller
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
spec:
ports:
- port: 8080
targetPort: 8080
selector:
name: sealed-secrets-controller
type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
rules:
- apiGroups:
- ""
resourceNames:
- 'http:sealed-secrets-controller:'
- sealed-secrets-controller
resources:
- services/proxy
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-service-proxier
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-role
name: sealed-secrets-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-rolebinding
name: sealed-secrets-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-role
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: NAMESPACE_NAME
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment