mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-15 21:57:40 +00:00
146 lines
2.6 KiB
YAML
146 lines
2.6 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: fairwinds
|
|
namespace: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
rules:
|
|
- apiGroups:
|
|
- ''
|
|
- 'apps/v1'
|
|
- 'admissionregistration.k8s.io'
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: fairwinds
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: fairwinds
|
|
namespace: fairwinds
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: fairwinds
|
|
namespace: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: fairwinds
|
|
namespace: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
data:
|
|
config.yml: |
|
|
resources:
|
|
requests:
|
|
cpu:
|
|
min: 0.1
|
|
max: 1
|
|
memory:
|
|
min: 10m
|
|
max: 2000M
|
|
limits:
|
|
cpu:
|
|
min: 0.1
|
|
max: 1
|
|
memory:
|
|
min: 10m
|
|
max: 2000M
|
|
ingresses:
|
|
whitelist:
|
|
- '*.example.com'
|
|
prevent_overlaps: true
|
|
health_checks:
|
|
readiness:
|
|
require: true
|
|
liveness:
|
|
require: true
|
|
images:
|
|
require_tag: true
|
|
repos:
|
|
whitelist:
|
|
- gcr.io
|
|
namespaces:
|
|
require_labels: true
|
|
security_context:
|
|
capabilities:
|
|
whitelist:
|
|
- 'CAP_SYS_ADMIN'
|
|
prevent_privileged: true
|
|
read_only_file_system: true
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: fairwinds
|
|
namespace: fairwinds
|
|
labels:
|
|
app: fairwinds
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: fairwinds
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: fairwinds
|
|
spec:
|
|
serviceAccountName: fairwinds
|
|
containers:
|
|
- name: fairwinds
|
|
image: quay.io/reactiveops/fairwinds
|
|
imagePullPolicy: Always
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
volumeMounts:
|
|
- name: certs
|
|
mountPath: /tmp/cert/
|
|
- name: fairwinds
|
|
mountPath: /opt/app/config.yml
|
|
subPath: config.yml
|
|
readOnly: true
|
|
volumes:
|
|
- name: fairwinds
|
|
configMap:
|
|
name: fairwinds
|
|
- name: certs
|
|
secret:
|
|
secretName: fairwinds
|