Added release manifests

master
Marcus Noble 3 years ago
parent a1e44e0924
commit aebf937820
  1. 2
      Makefile
  2. 47
      manifests/deployment.yaml
  3. 4
      manifests/example.env
  4. 21
      manifests/kustomization.yaml
  5. 10
      manifests/pvc.yaml
  6. 29
      manifests/rbac.yaml

@ -47,7 +47,7 @@ ci:
.PHONY: release # Release the latest version of the application
release:
@echo "⚠ 'release' unimplemented"
@cd manifests && kustomize edit set image kube-1password-secrets=$(IMAGE) && kustomize build | kubectl apply -f -
.PHONY: help # Show this list of commands
help:

@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-1password-secrets
spec:
selector:
matchLabels:
app.kubernetes.io/name: kube-1password-secrets
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: kube-1password-secrets
spec:
containers:
- image: kube-1password-secrets
name: kube-1password-secrets
env:
- name: OP_DOMAIN
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_DOMAIN
- name: OP_EMAIL
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_EMAIL
- name: OP_PASSWORD
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_PASSWORD
- name: OP_SECRET_KEY
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_SECRET_KEY
volumeMounts:
- mountPath: "/root/.op"
name: op
serviceAccountName: kube-1password-secrets
restartPolicy: Always
volumes:
- name: op
persistentVolumeClaim:
claimName: kube-1password-secrets

@ -0,0 +1,4 @@
OP_DOMAIN=
OP_EMAIL=
OP_PASSWORD=
OP_SECRET_KEY=

@ -0,0 +1,21 @@
commonLabels:
app.kubernetes.io/name: kube-1password-secrets
namespace: kube-system
secretGenerator:
- envs:
- .env
name: kube-1password-secrets
images:
- name: kube-1password-secrets
newName: docker.cloud.cluster.fun/averagemarcus/kube-1password-secrets
newTag: latest
resources:
- rbac.yaml
- pvc.yaml
- deployment.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kube-1password-secrets
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi

@ -0,0 +1,29 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-1password-secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-1password-secrets
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-1password-secrets
subjects:
- kind: ServiceAccount
name: kube-1password-secrets
roleRef:
kind: ClusterRole
name: kube-1password-secrets
apiGroup: rbac.authorization.k8s.io
Loading…
Cancel
Save