mirror of
https://github.com/lukaszraczylo/kubemirror.git
synced 2026-07-03 00:34:57 +00:00
initial commit
This commit is contained in:
@@ -0,0 +1,84 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kubemirror-controller
|
||||
namespace: kubemirror-system
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: controller
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: controller
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "8080"
|
||||
prometheus.io/path: "/metrics"
|
||||
spec:
|
||||
serviceAccountName: kubemirror-controller
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
fsGroup: 65532
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containers:
|
||||
- name: controller
|
||||
image: ghcr.io/lukaszraczylo/kubemirror:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /kubemirror
|
||||
args:
|
||||
- --leader-elect
|
||||
- --metrics-bind-address=:8080
|
||||
- --health-probe-bind-address=:8081
|
||||
- --max-targets=100
|
||||
- --worker-threads=5
|
||||
- --rate-limit-qps=50.0
|
||||
- --rate-limit-burst=100
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
- name: health
|
||||
containerPort: 8081
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: health
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 20
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: health
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
terminationGracePeriodSeconds: 10
|
||||
@@ -0,0 +1,19 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: kubemirror-system
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- rbac.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
|
||||
images:
|
||||
- name: ghcr.io/lukaszraczylo/kubemirror
|
||||
newTag: latest
|
||||
@@ -0,0 +1,8 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: kubemirror-system
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: system
|
||||
@@ -0,0 +1,86 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kubemirror-controller
|
||||
namespace: kubemirror-system
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: controller
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kubemirror-controller
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: rbac
|
||||
rules:
|
||||
# Discovery - read access to all API groups for resource discovery
|
||||
# This is required for auto-discovering available resource types
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# Full access to all mirrorable resources
|
||||
# Required for creating, updating, and deleting mirrors across all resource types
|
||||
# The controller will only mirror resources that are explicitly marked with
|
||||
# kubemirror.raczylo.com/enabled label and kubemirror.raczylo.com/sync annotation
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
|
||||
# Namespaces - read only (for listing and filtering)
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# Leader election - coordination.k8s.io/v1
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
|
||||
# Events - for creating events about mirroring operations
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubemirror-controller
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: rbac
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kubemirror-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubemirror-controller
|
||||
namespace: kubemirror-system
|
||||
@@ -0,0 +1,23 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kubemirror-controller-metrics
|
||||
namespace: kubemirror-system
|
||||
labels:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: controller
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 8080
|
||||
targetPort: metrics
|
||||
protocol: TCP
|
||||
- name: health
|
||||
port: 8081
|
||||
targetPort: health
|
||||
protocol: TCP
|
||||
selector:
|
||||
app.kubernetes.io/name: kubemirror
|
||||
app.kubernetes.io/component: controller
|
||||
Reference in New Issue
Block a user