upgrade sealed secrets controller
This commit is contained in:
parent
d0e35418e6
commit
d6150a8b04
|
@ -1,12 +1,65 @@
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
namespace: kube-system
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resourceNames:
|
||||||
|
- 'http:sealed-secrets-controller:'
|
||||||
|
- sealed-secrets-controller
|
||||||
|
resources:
|
||||||
|
- services/proxy
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-key-admin
|
||||||
|
name: sealed-secrets-key-admin
|
||||||
|
namespace: kube-system
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- list
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
selector:
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
type: ClusterIP
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-service-proxier
|
name: sealed-secrets-service-proxier
|
||||||
name: sealed-secrets-service-proxier
|
name: sealed-secrets-service-proxier
|
||||||
namespace: sealed-secrets
|
namespace: kube-system
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: Role
|
kind: Role
|
||||||
|
@ -16,22 +69,66 @@ subjects:
|
||||||
kind: Group
|
kind: Group
|
||||||
name: system:authenticated
|
name: system:authenticated
|
||||||
---
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: sealedsecrets.bitnami.com
|
||||||
|
spec:
|
||||||
|
group: bitnami.com
|
||||||
|
names:
|
||||||
|
kind: SealedSecret
|
||||||
|
listKind: SealedSecretList
|
||||||
|
plural: sealedsecrets
|
||||||
|
singular: sealedsecret
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
status:
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: Role
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-key-admin
|
name: sealed-secrets-controller
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
namespace: kube-system
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
name: sealed-secrets-key-admin
|
name: sealed-secrets-key-admin
|
||||||
namespace: sealed-secrets
|
subjects:
|
||||||
rules:
|
- kind: ServiceAccount
|
||||||
- apiGroups:
|
name: sealed-secrets-controller
|
||||||
- ""
|
namespace: kube-system
|
||||||
resources:
|
---
|
||||||
- secrets
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
verbs:
|
kind: ClusterRoleBinding
|
||||||
- create
|
metadata:
|
||||||
- list
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: secrets-unsealer
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
namespace: kube-system
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
@ -72,6 +169,15 @@ rules:
|
||||||
- create
|
- create
|
||||||
- patch
|
- patch
|
||||||
---
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -79,7 +185,7 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
namespace: sealed-secrets
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
minReadySeconds: 30
|
minReadySeconds: 30
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
@ -99,12 +205,11 @@ spec:
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args: []
|
||||||
- --update-status
|
|
||||||
command:
|
command:
|
||||||
- controller
|
- controller
|
||||||
env: []
|
env: []
|
||||||
image: quay.io/bitnami/sealed-secrets-controller:v0.15.0
|
image: quay.io/bitnami/sealed-secrets-controller:v0.16.0
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
|
@ -136,107 +241,3 @@ spec:
|
||||||
volumes:
|
volumes:
|
||||||
- emptyDir: {}
|
- emptyDir: {}
|
||||||
name: tmp
|
name: tmp
|
||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: sealedsecrets.bitnami.com
|
|
||||||
spec:
|
|
||||||
group: bitnami.com
|
|
||||||
names:
|
|
||||||
kind: SealedSecret
|
|
||||||
listKind: SealedSecretList
|
|
||||||
plural: sealedsecrets
|
|
||||||
singular: sealedsecret
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
properties:
|
|
||||||
spec:
|
|
||||||
type: object
|
|
||||||
x-kubernetes-preserve-unknown-fields: true
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: sealed-secrets
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- port: 8080
|
|
||||||
targetPort: 8080
|
|
||||||
selector:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
type: ClusterIP
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: secrets-unsealer
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: sealed-secrets
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: sealed-secrets
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
namespace: sealed-secrets
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resourceNames:
|
|
||||||
- 'http:sealed-secrets-controller:'
|
|
||||||
- sealed-secrets-controller
|
|
||||||
resources:
|
|
||||||
- services/proxy
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- get
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: sealed-secrets
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Role
|
|
||||||
name: sealed-secrets-key-admin
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: sealed-secrets
|
|
||||||
|
|
Reference in a new issue