msnelling/argo-tunnel.yaml

## argo-tunnel.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-cloudflare
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argo-tunnel
  namespace: ingress-cloudflare
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argo-tunnel
rules:
- apiGroups:
  - ""
  - "extensions"
  resources:
  - ingresses
  - services
  - secrets
  - endpoints
  verbs:
  - list
  - get
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: argo-tunnel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-tunnel
subjects:
- kind: ServiceAccount
  name: argo-tunnel
  namespace: ingress-cloudflare
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: argo-tunnel
  name: argo-tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: argo-tunnel
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: argo-tunnel
    spec:
      containers:
      - image: gcr.io/cloudflare-registry/argo-tunnel:0.6.5
        imagePullPolicy: Always
        name: argo-tunnel
        command: ["argot", "couple"]
        args:
        - --incluster
        - --ingress-class=argo-tunnel
        - --v=3
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      serviceAccount: argo-tunnel
      serviceAccountName: argo-tunnel
      terminationGracePeriodSeconds: 30
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: argo-tunnel
              topologyKey: kubernetes.io/hostname
	apiVersion: v1
	kind: Namespace
	metadata:
	name: ingress-cloudflare
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: argo-tunnel
	namespace: ingress-cloudflare
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: argo-tunnel
	rules:
	- apiGroups:
	- ""
	- "extensions"
	resources:
	- ingresses
	- services
	- secrets
	- endpoints
	verbs:
	- list
	- get
	- watch
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: argo-tunnel
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: argo-tunnel
	subjects:
	- kind: ServiceAccount
	name: argo-tunnel
	namespace: ingress-cloudflare
	---
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	labels:
	app: argo-tunnel
	name: argo-tunnel
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: argo-tunnel
	strategy:
	rollingUpdate:
	maxSurge: 1
	maxUnavailable: 1
	type: RollingUpdate
	template:
	metadata:
	labels:
	app: argo-tunnel
	spec:
	containers:
	- image: gcr.io/cloudflare-registry/argo-tunnel:0.6.5
	imagePullPolicy: Always
	name: argo-tunnel
	command: ["argot", "couple"]
	args:
	- --incluster
	- --ingress-class=argo-tunnel
	- --v=3
	env:
	- name: POD_NAMESPACE
	valueFrom:
	fieldRef:
	fieldPath: metadata.namespace
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	dnsPolicy: ClusterFirst
	restartPolicy: Always
	schedulerName: default-scheduler
	serviceAccount: argo-tunnel
	serviceAccountName: argo-tunnel
	terminationGracePeriodSeconds: 30
	affinity:
	podAntiAffinity:
	preferredDuringSchedulingIgnoredDuringExecution:
	- weight: 100
	podAffinityTerm:
	labelSelector:
	matchLabels:
	app: argo-tunnel
	topologyKey: kubernetes.io/hostname