From aebf93782016a92b75d85154879c2f75e11c224e Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Sat, 25 Apr 2020 18:43:25 +0100 Subject: [PATCH] Added release manifests --- Makefile | 2 +- manifests/deployment.yaml | 47 ++++++++++++++++++++++++++++++++++++ manifests/example.env | 4 +++ manifests/kustomization.yaml | 21 ++++++++++++++++ manifests/pvc.yaml | 10 ++++++++ manifests/rbac.yaml | 29 ++++++++++++++++++++++ 6 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 manifests/deployment.yaml create mode 100644 manifests/example.env create mode 100644 manifests/kustomization.yaml create mode 100644 manifests/pvc.yaml create mode 100644 manifests/rbac.yaml diff --git a/Makefile b/Makefile index 673a8bb..ddb5cac 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ ci: .PHONY: release # Release the latest version of the application release: - @echo "⚠️ 'release' unimplemented" + @cd manifests && kustomize edit set image kube-1password-secrets=$(IMAGE) && kustomize build | kubectl apply -f - .PHONY: help # Show this list of commands help: diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml new file mode 100644 index 0000000..06cda19 --- /dev/null +++ b/manifests/deployment.yaml 
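Review bot: The new `release` recipe pipes `kustomize build` straight into `kubectl apply -f -`, so cluster-scoped RBAC and a kube-system Deployment go to whichever kubectl context is current. Nothing in the hunk checks that `$(IMAGE)` is non-empty; its definition is outside the hunk. `kustomize edit set image` also rewrites `manifests/kustomization.yaml` in the working tree on every run, so the committed image reference drifts from what was last deployed. I would put a guard before the `cd`, for example `@test -n "$(IMAGE)" || { echo "IMAGE is not set"; exit 1; }`, and extend the target comment to `# Release to the current kubectl context (needs manifests/.env)`.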
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kube-1password-secrets
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kube-1password-secrets
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: kube-1password-secrets
+ spec:
+ containers:
+ - image: kube-1password-secrets
+ name: kube-1password-secrets
+ env:
+ - name: OP_DOMAIN
+ valueFrom:
+ secretKeyRef:
+ name: kube-1password-secrets
+ key: OP_DOMAIN
+ - name: OP_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: kube-1password-secrets
+ key: OP_EMAIL
+ - name: OP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: kube-1password-secrets
+ key: OP_PASSWORD
+ - name: OP_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kube-1password-secrets
+ key: OP_SECRET_KEY
+ volumeMounts:
+ - mountPath: "/root/.op"
+ name: op
+ serviceAccountName: kube-1password-secrets
+ restartPolicy: Always
+ volumes:
+ - name: op
+ persistentVolumeClaim:
+ claimName: kube-1password-secrets
diff --git a/manifests/example.env b/manifests/example.env
new file mode 100644
index 0000000..32870d9
--- /dev/null
+++ b/manifests/example.env
@@ -0,0 +1,4 @@
+OP_DOMAIN=
+OP_EMAIL=
+OP_PASSWORD=
+OP_SECRET_KEY=
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..2fbabf2
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,21 @@
+commonLabels:
+ app.kubernetes.io/name: kube-1password-secrets
+
+namespace: kube-system
+
+secretGenerator:
+- envs:
+ - .env
+ name: kube-1password-secrets
+
+images:
+- name: kube-1password-secrets
+ newName: docker.cloud.cluster.fun/averagemarcus/kube-1password-secrets
+ newTag: latest
+
+resources:
+- rbac.yaml
+- pvc.yaml
+- deployment.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/manifests/pvc.yaml b/manifests/pvc.yaml
new file mode 100644
index 0000000..6db629c
--- /dev/null
+++ b/manifests/pvc.yaml
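Review bot: The container in `manifests/deployment.yaml` has no `securityContext`, and the `/root/.op` mount path suggests it runs as root, while it holds the 1Password master password and secret key and a service account that can read Secrets. At minimum I would drop capabilities and block privilege escalation on the container, as sketched below. Moving to `runAsNonRoot: true` would need the image and the mount path to change, so that part depends on how the image is built, which is not visible here. Separately, a `ReadWriteOnce` claim with the default rolling update can leave the replacement pod waiting for the volume if it lands on another node; `strategy: {type: Recreate}` under `spec` avoids that.

```yaml
      containers:
      - image: kube-1password-secrets
        name: kube-1password-secrets
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        # … unchanged: env, volumeMounts …
```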
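Review bot: `newTag: latest` in `manifests/kustomization.yaml` makes the deployed image mutable: any later push to that tag runs with this workload's 1Password credentials and Secret access the next time the pod restarts. I would commit a fixed version or digest instead, e.g. `newTag: <release-version>`, and let the release step override it. The `secretGenerator` reads `.env`, which will contain the master password and secret key in plain text. Only `example.env` is added by this patch, so please confirm `manifests/.env` is listed in `.gitignore`, which is not visible here.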
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: kube-1password-secrets
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Mi
diff --git a/manifests/rbac.yaml b/manifests/rbac.yaml
new file mode 100644
index 0000000..26eced9
--- /dev/null
+++ b/manifests/rbac.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-1password-secrets
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kube-1password-secrets
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "update"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kube-1password-secrets
+subjects:
+- kind: ServiceAccount
+ name: kube-1password-secrets
+roleRef:
+ kind: ClusterRole
+ name: kube-1password-secrets
+ apiGroup: rbac.authorization.k8s.io
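Review bot: The ClusterRole in `manifests/rbac.yaml` grants `get`, `list` and `update` on every Secret in every namespace, and the ClusterRoleBinding hands that to the workload's service account, so a compromise of this one pod exposes and can overwrite all cluster secrets, including service account tokens. If the set of namespaces the tool manages is known, binding the same ClusterRole with a `RoleBinding` per namespace keeps the blast radius to those namespaces; if cluster-wide access is intended, a comment above the rule saying so would help reviewers. The ServiceAccount subject also has no namespace and relies on kustomize's namespace transformer to fill it in; writing `namespace: kube-system` under the subject makes the binding valid without that step.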