gitops-tbrnt/sealed-secrets/controller.yaml

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-service-proxier
  name: sealed-secrets-service-proxier
  namespace: sealed-secrets
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-service-proxier
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-key-admin
  name: sealed-secrets-key-admin
  namespace: sealed-secrets
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - list
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  annotations: {}
  labels:
    name: secrets-unsealer
  name: secrets-unsealer
rules:
- apiGroups:
  - bitnami.com
  resources:
  - sealedsecrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - bitnami.com
  resources:
  - sealedsecrets/status
  verbs:
  - update
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
  - update
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
  namespace: sealed-secrets
spec:
  minReadySeconds: 30
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: sealed-secrets-controller
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations: {}
      labels:
        name: sealed-secrets-controller
    spec:
      containers:
      - args:
        - --update-status
        command:
        - controller
        env: []
        image: quay.io/bitnami/sealed-secrets-controller:v0.15.0
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: http
        name: sealed-secrets-controller
        ports:
        - containerPort: 8080
          name: http
        readinessProbe:
          httpGet:
            path: /healthz
            port: http
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1001
        stdin: false
        tty: false
        volumeMounts:
        - mountPath: /tmp
          name: tmp
      imagePullSecrets: []
      initContainers: []
      securityContext:
        fsGroup: 65534
      serviceAccountName: sealed-secrets-controller
      terminationGracePeriodSeconds: 30
      volumes:
      - emptyDir: {}
        name: tmp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sealedsecrets.bitnami.com
spec:
  group: bitnami.com
  names:
    kind: SealedSecret
    listKind: SealedSecretList
    plural: sealedsecrets
    singular: sealedsecret
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
  namespace: sealed-secrets
spec:
  ports:
  - port: 8080
    targetPort: 8080
  selector:
    name: sealed-secrets-controller
  type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secrets-unsealer
subjects:
- kind: ServiceAccount
  name: sealed-secrets-controller
  namespace: sealed-secrets
---
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
  namespace: sealed-secrets
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-service-proxier
  name: sealed-secrets-service-proxier
  namespace: sealed-secrets
rules:
- apiGroups:
  - ""
  resourceNames:
  - 'http:sealed-secrets-controller:'
  - sealed-secrets-controller
  resources:
  - services/proxy
  verbs:
  - create
  - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  annotations: {}
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
  namespace: sealed-secrets
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sealed-secrets-key-admin
subjects:
- kind: ServiceAccount
  name: sealed-secrets-controller
  namespace: sealed-secrets
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`---`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`apiVersion: rbac.authorization.k8s.io/v1beta1`
			`kind: RoleBinding`
			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-service-proxier`
			`name: sealed-secrets-service-proxier`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: sealed-secrets-service-proxier`
			`subjects:`
			`- apiGroup: rbac.authorization.k8s.io`
			`kind: Group`
			`name: system:authenticated`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
			`kind: Role`
			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-key-admin`
			`name: sealed-secrets-key-admin`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`verbs:`
			`- create`
			`- list`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
			`kind: ClusterRole`
			`metadata:`
			`annotations: {}`
			`labels:`
			`name: secrets-unsealer`
			`name: secrets-unsealer`
			`rules:`
			`- apiGroups:`
			`- bitnami.com`
			`resources:`
			`- sealedsecrets`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- bitnami.com`
			`resources:`
			`- sealedsecrets/status`
			`verbs:`
			`- update`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`verbs:`
			`- get`
			`- create`
			`- update`
			`- delete`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- events`
			`verbs:`
			`- create`
			`- patch`
			`---`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-controller`
			`name: sealed-secrets-controller`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`spec:`
			`minReadySeconds: 30`
			`replicas: 1`
			`revisionHistoryLimit: 10`
			`selector:`
			`matchLabels:`
			`name: sealed-secrets-controller`
			`strategy:`
			`rollingUpdate:`
			`maxSurge: 25%`
			`maxUnavailable: 25%`
			`type: RollingUpdate`
			`template:`
			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-controller`
			`spec:`
			`containers:`
enable status on sealed secrets 2021-04-16 18:11:31 +00:00			`- args:`
			`- --update-status`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`command:`
			`- controller`
			`env: []`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`image: quay.io/bitnami/sealed-secrets-controller:v0.15.0`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`imagePullPolicy: Always`
			`livenessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: http`
			`name: sealed-secrets-controller`
			`ports:`
			`- containerPort: 8080`
			`name: http`
			`readinessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: http`
			`securityContext:`
			`readOnlyRootFilesystem: true`
			`runAsNonRoot: true`
			`runAsUser: 1001`
			`stdin: false`
			`tty: false`
			`volumeMounts:`
			`- mountPath: /tmp`
			`name: tmp`
			`imagePullSecrets: []`
			`initContainers: []`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`securityContext:`
			`fsGroup: 65534`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`serviceAccountName: sealed-secrets-controller`
			`terminationGracePeriodSeconds: 30`
			`volumes:`
			`- emptyDir: {}`
			`name: tmp`
			`---`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`apiVersion: apiextensions.k8s.io/v1`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`kind: CustomResourceDefinition`
			`metadata:`
			`name: sealedsecrets.bitnami.com`
			`spec:`
			`group: bitnami.com`
			`names:`
			`kind: SealedSecret`
			`listKind: SealedSecretList`
			`plural: sealedsecrets`
			`singular: sealedsecret`
			`scope: Namespaced`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`versions:`
			`- name: v1alpha1`
			`schema:`
			`openAPIV3Schema:`
			`properties:`
			`spec:`
			`type: object`
			`x-kubernetes-preserve-unknown-fields: true`
			`type: object`
			`served: true`
			`storage: true`
			`subresources:`
			`status: {}`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-controller`
			`name: sealed-secrets-controller`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`spec:`
			`ports:`
			`- port: 8080`
			`targetPort: 8080`
			`selector:`
			`name: sealed-secrets-controller`
			`type: ClusterIP`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`kind: ClusterRoleBinding`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`metadata:`
			`annotations: {}`
			`labels:`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`name: sealed-secrets-controller`
			`name: sealed-secrets-controller`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`kind: ClusterRole`
			`name: secrets-unsealer`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`subjects:`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`- kind: ServiceAccount`
			`name: sealed-secrets-controller`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`---`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`apiVersion: v1`
			`kind: ServiceAccount`
install sealed secrets controller 2020-01-25 19:13:41 +00:00			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-controller`
			`name: sealed-secrets-controller`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
			`kind: Role`
			`metadata:`
			`annotations: {}`
			`labels:`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`name: sealed-secrets-service-proxier`
			`name: sealed-secrets-service-proxier`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`rules:`
			`- apiGroups:`
			`- ""`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`resourceNames:`
			`- 'http:sealed-secrets-controller:'`
			`- sealed-secrets-controller`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`resources:`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`- services/proxy`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`verbs:`
			`- create`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`- get`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`kind: RoleBinding`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`metadata:`
			`annotations: {}`
			`labels:`
			`name: sealed-secrets-controller`
			`name: sealed-secrets-controller`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
upgrade sealed secrets controller 2021-04-15 18:57:27 +00:00			`kind: Role`
			`name: sealed-secrets-key-admin`
upgrade sealed secret manifests 2020-08-19 18:37:48 +00:00			`subjects:`
			`- kind: ServiceAccount`
			`name: sealed-secrets-controller`
sealed secrets in ns 2021-04-15 18:59:52 +00:00			`namespace: sealed-secrets`