upgrade sealed secrets controller deployment
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
0a6e245810
commit
e331f4cc2c
|
@ -1,73 +1,67 @@
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: apps/v1
|
||||||
kind: Role
|
kind: Deployment
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
namespace: sealed-secrets
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resourceNames:
|
|
||||||
- 'http:sealed-secrets-controller:'
|
|
||||||
- sealed-secrets-controller
|
|
||||||
resources:
|
|
||||||
- services/proxy
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- get
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-key-admin
|
|
||||||
name: sealed-secrets-key-admin
|
|
||||||
namespace: sealed-secrets
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- list
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
namespace: sealed-secrets
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
ports:
|
minReadySeconds: 30
|
||||||
- port: 8080
|
replicas: 1
|
||||||
targetPort: 8080
|
revisionHistoryLimit: 10
|
||||||
selector:
|
selector:
|
||||||
name: sealed-secrets-controller
|
matchLabels:
|
||||||
type: ClusterIP
|
name: sealed-secrets-controller
|
||||||
---
|
strategy:
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
rollingUpdate:
|
||||||
kind: RoleBinding
|
maxSurge: 25%
|
||||||
metadata:
|
maxUnavailable: 25%
|
||||||
annotations: {}
|
type: RollingUpdate
|
||||||
labels:
|
template:
|
||||||
name: sealed-secrets-service-proxier
|
metadata:
|
||||||
name: sealed-secrets-service-proxier
|
annotations: {}
|
||||||
namespace: sealed-secrets
|
labels:
|
||||||
roleRef:
|
name: sealed-secrets-controller
|
||||||
apiGroup: rbac.authorization.k8s.io
|
spec:
|
||||||
kind: Role
|
containers:
|
||||||
name: sealed-secrets-service-proxier
|
- args: []
|
||||||
subjects:
|
command:
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
- controller
|
||||||
kind: Group
|
env: []
|
||||||
name: system:authenticated
|
image: quay.io/bitnami/sealed-secrets-controller:v0.17.1
|
||||||
|
imagePullPolicy: Always
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: http
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: http
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1001
|
||||||
|
stdin: false
|
||||||
|
tty: false
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp
|
||||||
|
name: tmp
|
||||||
|
imagePullSecrets: []
|
||||||
|
initContainers: []
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 65534
|
||||||
|
serviceAccountName: sealed-secrets-controller
|
||||||
|
terminationGracePeriodSeconds: 30
|
||||||
|
volumes:
|
||||||
|
- emptyDir: {}
|
||||||
|
name: tmp
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
|
@ -97,14 +91,67 @@ spec:
|
||||||
subresources:
|
subresources:
|
||||||
status: {}
|
status: {}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
selector:
|
||||||
|
name: sealed-secrets-controller
|
||||||
|
type: ClusterIP
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
namespace: kube-system
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
subjects:
|
||||||
|
- apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Group
|
||||||
|
name: system:authenticated
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
name: sealed-secrets-service-proxier
|
||||||
|
namespace: kube-system
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resourceNames:
|
||||||
|
- 'http:sealed-secrets-controller:'
|
||||||
|
- sealed-secrets-controller
|
||||||
|
resources:
|
||||||
|
- services/proxy
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
namespace: sealed-secrets
|
namespace: kube-system
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: Role
|
kind: Role
|
||||||
|
@ -112,25 +159,35 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
namespace: sealed-secrets
|
namespace: kube-system
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
annotations: {}
|
||||||
|
labels:
|
||||||
|
name: sealed-secrets-key-admin
|
||||||
|
name: sealed-secrets-key-admin
|
||||||
|
namespace: kube-system
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- list
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
roleRef:
|
namespace: kube-system
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: secrets-unsealer
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: sealed-secrets
|
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
@ -169,76 +226,18 @@ rules:
|
||||||
- create
|
- create
|
||||||
- patch
|
- patch
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ServiceAccount
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
annotations: {}
|
annotations: {}
|
||||||
labels:
|
labels:
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
namespace: sealed-secrets
|
roleRef:
|
||||||
---
|
apiGroup: rbac.authorization.k8s.io
|
||||||
apiVersion: apps/v1
|
kind: ClusterRole
|
||||||
kind: Deployment
|
name: secrets-unsealer
|
||||||
metadata:
|
subjects:
|
||||||
annotations: {}
|
- kind: ServiceAccount
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
name: sealed-secrets-controller
|
||||||
namespace: sealed-secrets
|
namespace: kube-system
|
||||||
spec:
|
|
||||||
minReadySeconds: 30
|
|
||||||
replicas: 1
|
|
||||||
revisionHistoryLimit: 10
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
strategy:
|
|
||||||
rollingUpdate:
|
|
||||||
maxSurge: 25%
|
|
||||||
maxUnavailable: 25%
|
|
||||||
type: RollingUpdate
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args:
|
|
||||||
- --update-status
|
|
||||||
command:
|
|
||||||
- controller
|
|
||||||
env: []
|
|
||||||
image: quay.io/bitnami/sealed-secrets-controller:v0.17.1
|
|
||||||
imagePullPolicy: Always
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
name: http
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
securityContext:
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1001
|
|
||||||
stdin: false
|
|
||||||
tty: false
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /tmp
|
|
||||||
name: tmp
|
|
||||||
imagePullSecrets: []
|
|
||||||
initContainers: []
|
|
||||||
securityContext:
|
|
||||||
fsGroup: 65534
|
|
||||||
serviceAccountName: sealed-secrets-controller
|
|
||||||
terminationGracePeriodSeconds: 30
|
|
||||||
volumes:
|
|
||||||
- emptyDir: {}
|
|
||||||
name: tmp
|
|
||||||
|
|
Reference in a new issue