Added release manifests

This commit is contained in:
Marcus Noble 2020-04-25 18:43:25 +01:00
parent a1e44e0924
commit aebf937820
6 changed files with 112 additions and 1 deletions

View File

@ -47,7 +47,7 @@ ci:
.PHONY: release # Release the latest version of the application
release:
@echo "⚠️ 'release' unimplemented"
@cd manifests && kustomize edit set image kube-1password-secrets=$(IMAGE) && kustomize build | kubectl apply -f -
.PHONY: help # Show this list of commands
help:

47
manifests/deployment.yaml Normal file
View File

@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-1password-secrets
spec:
selector:
matchLabels:
app.kubernetes.io/name: kube-1password-secrets
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: kube-1password-secrets
spec:
containers:
- image: kube-1password-secrets
name: kube-1password-secrets
env:
- name: OP_DOMAIN
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_DOMAIN
- name: OP_EMAIL
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_EMAIL
- name: OP_PASSWORD
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_PASSWORD
- name: OP_SECRET_KEY
valueFrom:
secretKeyRef:
name: kube-1password-secrets
key: OP_SECRET_KEY
volumeMounts:
- mountPath: "/root/.op"
name: op
serviceAccountName: kube-1password-secrets
restartPolicy: Always
volumes:
- name: op
persistentVolumeClaim:
claimName: kube-1password-secrets

4
manifests/example.env Normal file
View File

@ -0,0 +1,4 @@
OP_DOMAIN=
OP_EMAIL=
OP_PASSWORD=
OP_SECRET_KEY=

View File

@ -0,0 +1,21 @@
commonLabels:
app.kubernetes.io/name: kube-1password-secrets
namespace: kube-system
secretGenerator:
- envs:
- .env
name: kube-1password-secrets
images:
- name: kube-1password-secrets
newName: docker.cloud.cluster.fun/averagemarcus/kube-1password-secrets
newTag: latest
resources:
- rbac.yaml
- pvc.yaml
- deployment.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

10
manifests/pvc.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kube-1password-secrets
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Mi

29
manifests/rbac.yaml Normal file
View File

@ -0,0 +1,29 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-1password-secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-1password-secrets
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-1password-secrets
subjects:
- kind: ServiceAccount
name: kube-1password-secrets
roleRef:
kind: ClusterRole
name: kube-1password-secrets
apiGroup: rbac.authorization.k8s.io