polaris/deploy/all.yaml
2019-03-27 22:57:01 -04:00


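---
# Namespace that holds every namespaced object in this file. It is declared
# before the Service so that an in-order `kubectl apply -f` creates the
# namespace before anything that has to live inside it.
apiVersion: v1
kind: Namespace
metadata:
  name: fairwinds
  labels:
    app: fairwinds
---
# Service in front of the dashboard container: port 80 -> container port 8080.
# No `type` is set, so this is the default ClusterIP (reachable in-cluster only).
# NOTE(review): nothing in this file puts authentication in front of the
# dashboard; confirm that before exposing it through an Ingress or LoadBalancer.
apiVersion: v1
kind: Service
metadata:
  name: fairwinds-dash
  # A Service only selects pods in its own namespace. The pods labelled
  # `app: fairwinds` are created in the `fairwinds` namespace by the Deployment,
  # so without this field the Service lands in the caller's current namespace
  # and has no endpoints.
  namespace: fairwinds
  labels:
    app: fairwinds
spec:
  selector:
    app: fairwinds
  ports:
    - name: dashboard
      protocol: TCP
      port: 80
      targetPort: 8080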
---
# Identity the Deployment's pod runs as (`serviceAccountName: fairwinds`).
# Its permissions come from the ClusterRoleBinding of the same name, so every
# container in that pod shares whatever the ClusterRole grants.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fairwinds
  namespace: fairwinds
  labels:
    app: fairwinds
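---
# Cluster-wide permissions for the fairwinds ServiceAccount.
#
# rbac.authorization.k8s.io/v1 replaces the v1beta1 group version, which is no
# longer served from Kubernetes 1.22 on; the object schema is the same.
#
# NOTE(review): the single rule below is far broader than least privilege.
# `resources: ['*']` with `verbs: ['*']` on the core ('') group includes
# read/write on Secrets, Pods and ServiceAccounts in every namespace, and on
# `admissionregistration.k8s.io` it includes creating and deleting admission
# webhook configurations. Anything that can use this ServiceAccount's token
# (both containers of the Deployment) inherits all of it. What the binary
# really needs cannot be determined from this file; replace the wildcards with
# an explicit list of resources and verbs (read-only where only auditing is
# done) once that is known.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fairwinds
  labels:
    app: fairwinds
rules:
  - apiGroups:
      - ''
      - 'apps'
      - 'admissionregistration.k8s.io'
    resources:
      - '*'
    verbs:
      - '*'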
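---
# Grants the `fairwinds` ClusterRole to the `fairwinds` ServiceAccount in the
# `fairwinds` namespace. Because this is a ClusterRoleBinding (not a namespaced
# RoleBinding), the role's rules apply in every namespace of the cluster.
#
# rbac.authorization.k8s.io/v1 replaces the v1beta1 group version, which is no
# longer served from Kubernetes 1.22 on; the object schema is the same.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fairwinds
  labels:
    app: fairwinds
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fairwinds
subjects:
  - kind: ServiceAccount
    name: fairwinds
    namespace: fairwinds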
---
# Secret declared with neither `data` nor `type`. The Deployment mounts it into
# the webhook container at /tmp/cert/ through the `certs` volume.
# NOTE(review): presumably it is filled with the webhook's TLS material at
# runtime or out of band; nothing in this file populates it, so confirm who
# writes it and that no other workload is allowed to read it.
apiVersion: v1
kind: Secret
metadata:
  name: fairwinds
  namespace: fairwinds
  labels:
    app: fairwinds
---
# Policy configuration for the fairwinds binary. The Deployment mounts the
# `config.yml` key read-only at /opt/app/config.yml in both containers.
# Each check maps to a severity (`warning` or `error`).
#
# Review notes on the embedded policy (the text itself is left untouched,
# because it is data read by the program):
# - resources.*Ranges: every `error.below` is higher than the matching
#   `warning.below` (500m vs 50m for CPU, 100M vs 50M for memory). If `below`
#   means "flag values under this threshold", the error band covers the whole
#   warning band and the Deployment's own 100m CPU requests would be errors.
#   NOTE(review): confirm the intended semantics and thresholds.
# - images: `tagNotSpecified: error` and `whitelist.error: gcr.io/*`, yet the
#   Deployment in this file uses an untagged image from quay.io.
# - security.runAsPriviliged: the key is spelled as found in the source.
#   NOTE(review): confirm the consumer expects this exact spelling before
#   correcting it; a key the program does not recognise may disable the check.
# - security.capabilities: CHOWN, SYS_CHROOT and AUDIT_WRITE appear in both
#   `blacklist.error` and `whitelist.warning`. NOTE(review): confirm which list
#   takes precedence, or remove the overlap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fairwinds
  namespace: fairwinds
  labels:
    app: fairwinds
data:
  config.yml: |
    resources:
      cpuRequestsMissing: warning
      cpuRequestRanges:
        warning:
          below: 50m
          above: 1000m
        error:
          below: 500m
          above: 2000m
      cpuLimitsMissing: warning
      cpuLimitRanges:
        warning:
          below: 50m
          above: 1000m
        error:
          below: 500m
          above: 2000m
      memoryRequestsMissing: warning
      memoryRequestRanges:
        warning:
          below: 50M
          above: 2G
        error:
          below: 100M
          above: 4G
      memoryLimitsMissing: warning
      memoryLimitRanges:
        warning:
          below: 50M
          above: 2G
        error:
          below: 100M
          above: 4G
    images:
      tagNotSpecified: error
      pullPolicyNotAlways: warning
      whitelist:
        error:
          - gcr.io/*
      blacklist:
        warning:
          - docker.io/*
    healthChecks:
      readinessProbeMissing: warning
      livenessProbeMissing: warning
    networking:
      hostAliasSet: error
      hostIPCSet: error
      hostNetworkSet: error
      hostPIDSet: error
      hostPortSet: error
    security:
      runAsPriviliged: warning
      notReadOnlyRootFileSystem: warning
      runAsNonRoot: warning
      capabilities:
        blacklist:
          error:
            - CHOWN
            - SYS_CHROOT
            - AUDIT_WRITE
        whitelist:
          warning:
            - CHOWN
            - DAC_OVERRIDE
            - FSETID
            - FOWNER
            - MKNOD
            - NET_RAW
            - SETGID
            - SETUID
            - SETFCAP
            - SETPCAP
            - NET_BIND_SERVICE
            - SYS_CHROOT
            - KILL
            - AUDIT_WRITE
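---
# Single-replica Deployment running two containers from the same image in one
# pod: `webhook` (port 9876) and `dashboard` (port 8080). Both run under the
# `fairwinds` ServiceAccount and therefore share its cluster-wide permissions.
#
# apps/v1 replaces extensions/v1beta1, which stopped serving Deployments in
# Kubernetes 1.16. apps/v1 requires `spec.selector`, which is already present.
#
# NOTE(review): hardening gaps visible in this manifest:
# - Neither `image:` carries a tag or digest, so it resolves to `:latest`, and
#   with `imagePullPolicy: Always` every restart can pull different code into a
#   pod that holds a highly privileged token. Pin it, for example
#   `quay.io/reactiveops/fairwinds:<RELEASE_TAG>` or `...@sha256:<DIGEST>`.
# - No `securityContext` is set on the pod or the containers. Settings to
#   evaluate against the image: `runAsNonRoot: true`,
#   `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, and
#   `capabilities.drop: [ALL]` (both ports are above 1024). These are the same
#   properties the bundled config.yml checks for in other workloads.
# - No readiness or liveness probes are defined, although config.yml reports
#   missing probes as warnings.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fairwinds
  namespace: fairwinds
  labels:
    app: fairwinds
spec:
  replicas: 1
  selector:
    matchLabels:
      app: fairwinds
  template:
    metadata:
      labels:
        app: fairwinds
    spec:
      serviceAccountName: fairwinds
      containers:
        - name: webhook
          image: quay.io/reactiveops/fairwinds
          command: ["fairwinds", "--webhook"]
          imagePullPolicy: Always
          ports:
            - containerPort: 9876
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            # Contents of the `fairwinds` Secret (see `volumes` below).
            - name: certs
              mountPath: /tmp/cert/
            # Only the config.yml key of the ConfigMap, mounted as a single file.
            - name: fairwinds
              mountPath: /opt/app/config.yml
              subPath: config.yml
              readOnly: true
        - name: dashboard
          image: quay.io/reactiveops/fairwinds
          command: ["fairwinds", "--dashboard"]
          imagePullPolicy: Always
          ports:
            # Target of the fairwinds-dash Service (port 80 -> 8080).
            - containerPort: 8080
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            - name: fairwinds
              mountPath: /opt/app/config.yml
              subPath: config.yml
              readOnly: true
      volumes:
        - name: fairwinds
          configMap:
            name: fairwinds
        - name: certs
          secret:
            secretName: fairwinds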