--- # Source: fairwinds/templates/namespace.yaml apiVersion: v1 kind: Namespace metadata: name: fairwinds --- # Source: fairwinds/templates/secret.yaml apiVersion: v1 kind: Secret metadata: name: fairwinds namespace: fairwinds labels: app: fairwinds type: Opaque data: --- # Source: fairwinds/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: fairwinds namespace: fairwinds labels: app: fairwinds data: config.yaml: | resources: cpuRequestsMissing: error cpuLimitsMissing: error memoryRequestsMissing: error memoryLimitsMissing: error images: tagNotSpecified: error healthChecks: readinessProbeMissing: warning livenessProbeMissing: warning networking: hostNetworkSet: warning hostPortSet: warning security: hostIPCSet: error hostPIDSet: error notReadOnlyRootFileSystem: warning privilegeEscalationAllowed: error runAsRootAllowed: warning runAsPrivileged: error capabilities: error: ifAnyAdded: - SYS_ADMIN - NET_ADMIN - ALL warning: ifAnyAddedBeyond: - CHOWN - DAC_OVERRIDE - FSETID - FOWNER - MKNOD - NET_RAW - SETGID - SETUID - SETFCAP - SETPCAP - NET_BIND_SERVICE - SYS_CHROOT - KILL - AUDIT_WRITE --- # Source: fairwinds/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: fairwinds namespace: fairwinds labels: app: fairwinds --- # Source: fairwinds/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: fairwinds labels: app: fairwinds rules: - apiGroups: - '' - 'apps' - 'admissionregistration.k8s.io' resources: - '*' verbs: - '*' --- # Source: fairwinds/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: fairwinds labels: app: fairwinds roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: fairwinds subjects: - kind: ServiceAccount name: fairwinds namespace: fairwinds --- # Source: fairwinds/templates/dashboard.service.yaml apiVersion: v1 kind: Service metadata: name: fairwinds-dashboard namespace: fairwinds labels: app: fairwinds spec: ports: - name: dashboard port: 80 protocol: TCP targetPort: 8080 selector: app: fairwinds component: dashboard type: ClusterIP --- # Source: fairwinds/templates/webhook.service.yaml apiVersion: v1 kind: Service metadata: name: fairwinds-dashboard namespace: fairwinds labels: app: fairwinds spec: ports: - name: dashboard port: 80 protocol: TCP targetPort: 8080 selector: app: fairwinds component: dashboard type: ClusterIP --- # Source: fairwinds/templates/webhook.deployment.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: checksum/config: '5702aca235561630172c22b6b900f5cebd4e82fae60389df18a3537ff82e2f09' name: fairwinds-webhook namespace: fairwinds labels: app: fairwinds component: webhook spec: replicas: 1 selector: matchLabels: app: fairwinds component: webhook template: metadata: labels: app: fairwinds component: webhook spec: volumes: - name: config configMap: name: fairwinds - name: secret secret: secretName: fairwinds containers: - command: - fairwinds - --webhook image: 'quay.io/reactiveops/fairwinds:master' imagePullPolicy: 'Always' name: webhook ports: - containerPort: 9876 # These are fairly useless readiness/liveness probes for now # Follow this issue for potential improvements: # https://github.com/kubernetes-sigs/controller-runtime/issues/356 livenessProbe: exec: command: - sh - -c - ps -ef | grep fairwinds initialDelaySeconds: 5 periodSeconds: 5 readinessProbe: exec: command: - sh - -c - ps -ef | grep fairwinds initialDelaySeconds: 5 periodSeconds: 5 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi volumeMounts: - name: config mountPath: /opt/app/config.yaml subPath: config.yaml readOnly: true - name: secret mountPath: /tmp/cert/ readOnly: true serviceAccountName: fairwinds --- # Source: fairwinds/templates/dashboard.deployment.yaml