From 427e1357a0aed3e6cf04d8b97646a6fc9ceb890e Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Wed, 23 Oct 2024 14:52:55 +0200 Subject: [PATCH] Update deployment --- tasks/main.yml | 12 ++++----- templates/diun-ClusterRole.yml.j2 | 14 ----------- templates/diun-ClusterRoleBinding.yml.j2 | 13 ---------- templates/diun-Deployment.yml.j2 | 7 +++--- templates/diun-RBAC.yml.j2 | 32 ++++++++++++++++++++++++ templates/diun-ServiceAccount.yml.j2 | 6 ----- 6 files changed, 41 insertions(+), 43 deletions(-) delete mode 100644 templates/diun-ClusterRole.yml.j2 delete mode 100644 templates/diun-ClusterRoleBinding.yml.j2 create mode 100644 templates/diun-RBAC.yml.j2 delete mode 100644 templates/diun-ServiceAccount.yml.j2 diff --git a/tasks/main.yml b/tasks/main.yml index 7275d65..6f9f34e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: calico setup +- name: Diun setup block: # - name: Include vars # ansible.builtin.include_vars: "diun-files.yaml" @@ -8,15 +8,13 @@ kubernetes.core.k8s: state: present context: "{{ my_context }}" - merge_type: merge - resource_definition: "{{ lookup('template', item) | from_yaml }}" + apply: true + namespace: "duin" + resource_definition: "{{ lookup('template', item) | from_yaml_all }}" with_items: - - diun-ServiceAccount.yml.j2 - - diun-ClusterRole.yml.j2 - - diun-ClusterRoleBinding.yml.j2 + - diun-RBAC.yml.j2 - diun-ConfigMap.yml.j2 - diun-Deployment.yml.j2 - tags: - diun diff --git a/templates/diun-ClusterRole.yml.j2 b/templates/diun-ClusterRole.yml.j2 deleted file mode 100644 index 433bf71..0000000 --- a/templates/diun-ClusterRole.yml.j2 +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: diun -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - list diff --git a/templates/diun-ClusterRoleBinding.yml.j2 b/templates/diun-ClusterRoleBinding.yml.j2 deleted file mode 100644 index 73f53b6..0000000 --- a/templates/diun-ClusterRoleBinding.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: diun -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: diun -subjects: - - kind: ServiceAccount - name: diun - namespace: default diff --git a/templates/diun-Deployment.yml.j2 b/templates/diun-Deployment.yml.j2 index e6c3fbc..87348bb 100644 --- a/templates/diun-Deployment.yml.j2 +++ b/templates/diun-Deployment.yml.j2 @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: Deployment metadata: - namespace: default name: diun spec: replicas: 1 @@ -34,6 +33,8 @@ spec: value: "20" - name: DIUN_WATCH_SCHEDULE value: "0 */6 * * *" + - name: DIUN_WATCH_JITTER + value: "30s" - name: DIUN_PROVIDERS_KUBERNETES value: "true" volumeMounts: @@ -50,7 +51,7 @@ spec: hostPath: path: "/data" type: Directory - - configMap: + - name: config + configMap: defaultMode: 420 name: diun-conf - name: config diff --git a/templates/diun-RBAC.yml.j2 b/templates/diun-RBAC.yml.j2 new file mode 100644 index 0000000..0522cb3 --- /dev/null +++ b/templates/diun-RBAC.yml.j2 @@ -0,0 +1,32 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: diun +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: diun +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: diun +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: diun +subjects: + - kind: ServiceAccount + name: diun + namespace: default diff --git a/templates/diun-ServiceAccount.yml.j2 b/templates/diun-ServiceAccount.yml.j2 deleted file mode 100644 index 612f460..0000000 --- a/templates/diun-ServiceAccount.yml.j2 +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: default - name: diun