initial commit

This commit is contained in:
2025-12-25 22:10:57 +00:00
commit 8adb52608f
46 changed files with 7570 additions and 0 deletions
+84
View File
@@ -0,0 +1,84 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubemirror-controller
namespace: kubemirror-system
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: controller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: controller
template:
metadata:
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: controller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/metrics"
spec:
serviceAccountName: kubemirror-controller
securityContext:
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
seccompProfile:
type: RuntimeDefault
containers:
- name: controller
image: ghcr.io/lukaszraczylo/kubemirror:latest
imagePullPolicy: IfNotPresent
command:
- /kubemirror
args:
- --leader-elect
- --metrics-bind-address=:8080
- --health-probe-bind-address=:8081
- --max-targets=100
- --worker-threads=5
- --rate-limit-qps=50.0
- --rate-limit-burst=100
ports:
- name: metrics
containerPort: 8080
protocol: TCP
- name: health
containerPort: 8081
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: health
initialDelaySeconds: 15
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /readyz
port: health
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL
terminationGracePeriodSeconds: 10
+19
View File
@@ -0,0 +1,19 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubemirror-system
commonLabels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/managed-by: kustomize
resources:
- namespace.yaml
- rbac.yaml
- deployment.yaml
- service.yaml
images:
- name: ghcr.io/lukaszraczylo/kubemirror
newTag: latest
+8
View File
@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kubemirror-system
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: system
+86
View File
@@ -0,0 +1,86 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubemirror-controller
namespace: kubemirror-system
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubemirror-controller
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: rbac
rules:
# Discovery - read access to all API groups for resource discovery
# This is required for auto-discovering available resource types
- apiGroups: ["*"]
resources: ["*"]
verbs:
- get
- list
- watch
# Full access to all mirrorable resources
# Required for creating, updating, and deleting mirrors across all resource types
# The controller will only mirror resources that are explicitly marked with
# kubemirror.raczylo.com/enabled label and kubemirror.raczylo.com/sync annotation
- apiGroups: ["*"]
resources: ["*"]
verbs:
- create
- update
- patch
- delete
# Namespaces - read only (for listing and filtering)
- apiGroups: [""]
resources:
- namespaces
verbs:
- get
- list
- watch
# Leader election - coordination.k8s.io/v1
- apiGroups: ["coordination.k8s.io"]
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
# Events - for creating events about mirroring operations
- apiGroups: [""]
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubemirror-controller
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: rbac
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubemirror-controller
subjects:
- kind: ServiceAccount
name: kubemirror-controller
namespace: kubemirror-system
+23
View File
@@ -0,0 +1,23 @@
---
apiVersion: v1
kind: Service
metadata:
name: kubemirror-controller-metrics
namespace: kubemirror-system
labels:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: controller
spec:
type: ClusterIP
ports:
- name: metrics
port: 8080
targetPort: metrics
protocol: TCP
- name: health
port: 8081
targetPort: health
protocol: TCP
selector:
app.kubernetes.io/name: kubemirror
app.kubernetes.io/component: controller