
@voor
Last active October 21, 2021 16:17
#! ytt overlay: adds the metadata store connection settings (URL, CA and,
#! optionally, an access token) to the env of the "manager" container.
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#! Applies to every document of kind Deployment; expects="1+" makes rendering
#! fail if none is found.
#@overlay/match by=overlay.subset({"kind": "Deployment"}), expects="1+"
---
spec:
  template:
    spec:
      containers:
      #! Only containers named "manager" are touched; at least one must exist.
      #@overlay/match by=overlay.subset({"name": "manager"}), expects="1+"
      - name: manager
        #! NOTE(review): ytt annotations are usually written
        #! "overlay/match missing_ok=True" with no comma after the name;
        #! confirm the comma form is accepted by the ytt version in use.
        #@overlay/match, missing_ok=True
        env:
        #! Each entry is matched by its env var name; missing_ok=True means an
        #! absent entry is not treated as an error.
        #@overlay/match by=overlay.subset({"name": "METADATA_STORE_URL"}), missing_ok=True
        - name: METADATA_STORE_URL
          value: #@ data.values.metadataStoreUrl
        #@overlay/match by=overlay.subset({"name": "METADATA_STORE_CA"}), missing_ok=True
        - name: METADATA_STORE_CA
          value: #@ data.values.metadataStoreCa
        #! The token entry is emitted only when metadataStoreTokenSecret is set
        #! to a non-empty value; the None branch is intentionally empty.
        #! The token is referenced through secretKeyRef (key "token"), so its
        #! value never appears in the rendered manifest.
        #! NOTE(review): unlike the two entries above, this array item carries
        #! no overlay/match or overlay/append annotation; confirm ytt accepts
        #! it when this branch is taken.
        #@ if data.values.metadataStoreTokenSecret == None:
        #@ elif len(data.values.metadataStoreTokenSecret) > 0:
        - name: METADATA_STORE_TOKEN
          valueFrom:
            secretKeyRef:
              name: #@ data.values.metadataStoreTokenSecret
              key: token
        #@ end
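---
#! Deployment of the scan-link controller manager (single replica) in the
#! scan-link-system namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: scan-link-controller-manager
  namespace: scan-link-system
  labels:
    control-plane: controller-manager
spec:
  selector:
    matchLabels:
      control-plane: controller-manager
  replicas: 1
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      #! Pod-level: the kubelet refuses to start any container that would
      #! run as UID 0.
      #! NOTE(review): a pod-level seccompProfile of type RuntimeDefault
      #! would complete the "restricted" Pod Security profile; not added
      #! here because the target cluster version is not visible.
      securityContext:
        runAsNonRoot: true
      containers:
      - command:
        - /manager
        args:
        - --leader-elect
        #! The image is pinned by sha256 digest, so the content that runs
        #! cannot change underneath a tag. With a digest reference,
        #! IfNotPresent cannot pick up a different image.
        image: registry.tanzu.vmware.com/supply-chain-security-tools/scan-controller-image@sha256:7550afc8cfb202c624aa9ae9a3769141e7505379a5403d12fb2f46255be869b8
        imagePullPolicy: IfNotPresent
        env:
        #! Downward API: tells the process which namespace it runs in.
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        name: manager
        securityContext:
          allowPrivilegeEscalation: false
          #! Least privilege: nothing in this manifest needs a Linux
          #! capability (the only port shown, 8081, is unprivileged), so
          #! the whole default set is dropped.
          #! NOTE(review): readOnlyRootFilesystem: true is a further
          #! hardening step; confirm /manager writes nothing to its root
          #! filesystem before enabling it.
          capabilities:
            drop:
            - ALL
        #! Both probes hit the manager's health endpoints on port 8081.
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        #! Requests and limits are both set, which bounds the resources
        #! this container can take from the node.
        resources:
          limits:
            cpu: 250m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 128Mi
      serviceAccountName: scan-link-controller-manager
      terminationGracePeriodSeconds: 10
      #! Pull secret for the registry that hosts the image above.
      imagePullSecrets:
      - name: controller-secret-ref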
#! Default data values for the scan-link controller templates. Keys left
#! as null are unset and are meant to be supplied at install time.
#@data/values
---
namespace: scan-link-system

#! Both images are referenced by sha256 digest rather than by tag.
controllerImage: registry.tanzu.vmware.com/supply-chain-security-tools/scan-controller-image@sha256:7550afc8cfb202c624aa9ae9a3769141e7505379a5403d12fb2f46255be869b8
controllerImagePullSecret: controller-secret-ref
kubeRbacProxyImage: registry.tanzu.vmware.com/supply-chain-security-tools/kube-rbac-proxy@sha256:de198428daee3dc8bf58a73b1a7d2bc5e8a0af309fbc5e178b7588017a7a8c53

#! Registry credentials are deliberately empty here; provide them from a
#! values file or secret that is kept out of version control.
docker:
  username: null
  password: null
  server: null

#! Metadata store connection. metadataStoreTokenSecret is the name of a
#! Secret holding the token, not the token itself.
metadataStoreUrl: null
metadataStoreCa: null
metadataStoreTokenSecret: null

resources:
  limits:
    cpu: 250m
    memory: 256Mi
  requests:
    cpu: 100m
    memory: 128Mi
#! "data" is loaded but not referenced anywhere in this file.
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#! SecretImport (secretgen-controller): asks for the Secret "app-tls-cert"
#! from the metadata-store namespace to be copied into scan-link-system.
#! The copy only happens if the source namespace publishes a matching
#! SecretExport that lists this namespace, so the secret's owner stays in
#! control of where it is shared.
#! NOTE(review): only the ca.crt key of this Secret is consumed on this page.
#! If app-tls-cert is a TLS Secret it presumably also carries the private
#! key; confirm whether a CA-only Secret could be exported instead.
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretImport
metadata:
  name: app-tls-cert
  namespace: scan-link-system
spec:
  fromNamespace: metadata-store
#! ytt overlay: switches METADATA_STORE_CA on the "manager" container from
#! a literal value to a reference to the ca.crt key of Secret "app-tls-cert".
#@overlay/match by=overlay.subset({"kind": "Deployment"}), expects="1+"
---
spec:
  template:
    spec:
      containers:
      #@overlay/match by=overlay.subset({"name": "manager"}), expects="1+"
      - name: manager
        #! NOTE(review): ytt annotations are usually written
        #! "overlay/match missing_ok=True" with no comma after the name;
        #! confirm the comma form is accepted by the ytt version in use.
        #@overlay/match, missing_ok=True
        env:
        #! Matched by the "name" key with no missing_ok, so the entry must
        #! already exist. Presumably this relies on the overlay that adds
        #! METADATA_STORE_CA having been applied first; confirm file ordering.
        #@overlay/match by="name"
        - name: METADATA_STORE_CA
          #! The literal value is removed because a Kubernetes env entry
          #! may not set both value and valueFrom.
          #@overlay/remove
          value:
          #@overlay/match, missing_ok=True
          valueFrom:
            secretKeyRef:
              name: app-tls-cert
              key: ca.crt
---