Skip to content

Commit

Permalink
Merge pull request #51 from mitou/fix/deployment
Browse files Browse the repository at this point in the history 
[修正] #49, #50でデプロイに失敗する問題を修正
  • Loading branch information
@xpadev-net
xpadev-net authored May 18, 2024
2 parents 0733cdc + 55864d7 commit e55cb3f
Show file tree
Hide file tree
Showing 2 changed files with 256 additions and 1 deletion.
255 changes: 255 additions & 0 deletions kubernetes/mattermost/external-secrets-operator.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,17 @@
---
# Source: external-secrets/templates/cert-controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-secrets-cert-controller
namespace: default
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
---
# Source: external-secrets/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
Expand Down Expand Up @@ -11807,6 +11820,73 @@ spec:
namespace: "default"
path: /convert
---
# Source: external-secrets/templates/cert-controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-secrets-cert-controller
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- "apiextensions.k8s.io"
resources:
- "customresourcedefinitions"
verbs:
- "get"
- "list"
- "watch"
- "update"
- "patch"
- apiGroups:
- "admissionregistration.k8s.io"
resources:
- "validatingwebhookconfigurations"
verbs:
- "get"
- "list"
- "watch"
- "update"
- "patch"
- apiGroups:
- ""
resources:
- "endpoints"
verbs:
- "list"
- "get"
- "watch"
- apiGroups:
- ""
resources:
- "events"
verbs:
- "create"
- "patch"
- apiGroups:
- ""
resources:
- "secrets"
verbs:
- "get"
- "list"
- "watch"
- "update"
- "patch"
- apiGroups:
- "coordination.k8s.io"
resources:
- "leases"
verbs:
- "get"
- "create"
- "update"
- "patch"
---
# Source: external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand Down Expand Up @@ -12027,6 +12107,26 @@ rules:
- "list"
- "watch"
---
# Source: external-secrets/templates/cert-controller-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-secrets-cert-controller
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-secrets-cert-controller
subjects:
- name: external-secrets-cert-controller
namespace: default
kind: ServiceAccount
---
# Source: external-secrets/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down Expand Up @@ -12131,6 +12231,79 @@ spec:
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
---
# Source: external-secrets/templates/cert-controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-secrets-cert-controller
namespace: default
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
template:
metadata:
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
spec:
serviceAccountName: external-secrets-cert-controller
automountServiceAccountToken: true
hostNetwork: false
containers:
- name: cert-controller
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "250m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v0.9.16
imagePullPolicy: IfNotPresent
args:
- certcontroller
- --crd-requeue-interval=5m
- --service-name=external-secrets-webhook
- --service-namespace=default
- --secret-name=external-secrets-webhook
- --secret-namespace=default
- --metrics-addr=:8080
- --healthz-addr=:8081

ports:
- containerPort: 8080
protocol: TCP
name: metrics
readinessProbe:
httpGet:
port: 8081
path: /readyz
initialDelaySeconds: 20
periodSeconds: 5
---
# Source: external-secrets/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
Expand Down Expand Up @@ -12191,6 +12364,88 @@ spec:
protocol: TCP
name: metrics
---
# Source: external-secrets/templates/webhook-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-secrets-webhook
namespace: default
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
template:
metadata:
labels:
helm.sh/chart: external-secrets-v0.9.16
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v0.9.16"
app.kubernetes.io/managed-by: Helm
spec:
hostNetwork: false
serviceAccountName: external-secrets-webhook
automountServiceAccountToken: true
containers:
- name: webhook
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "250m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v0.9.16
imagePullPolicy: IfNotPresent
args:
- webhook
- --port=10250
- --dns-name=external-secrets-webhook.default.svc
- --cert-dir=/tmp/certs
- --check-interval=5m
- --metrics-addr=:8080
- --healthz-addr=:8081
ports:
- containerPort: 8080
protocol: TCP
name: metrics
- containerPort: 10250
protocol: TCP
name: webhook
readinessProbe:
httpGet:
port: 8081
path: /readyz
initialDelaySeconds: 20
periodSeconds: 5
volumeMounts:
- name: certs
mountPath: /tmp/certs
readOnly: true
volumes:
- name: certs
secret:
secretName: external-secrets-webhook
---
# Source: external-secrets/templates/validatingwebhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
Expand Down
2 changes: 1 addition & 1 deletion kubernetes/mattermost/mattermost.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ spec:
mountPath: /config
- name: secret
mountPath: /secret
- name: mattermost
- name: bleve-indexer
image: mattermost/mattermost-team-edition:9.7
imagePullPolicy: Always
env:
Expand Down

0 comments on commit e55cb3f

Please sign in to comment.