adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update from upstream
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2020-10-10 13:11:17 +02:00
parent d6672663b0
commit 2be4c03df1
8 changed files with 178 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

27
files/secrets-store/csi-secrets-store-DaemonSet.yaml
View file

@ -42,14 +42,23 @@ spec:
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13
image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.16
args:
- "--debug=true"
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
- "--metrics-addr=:8080"
- "--metrics-addr=:8095"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
@ -81,6 +90,13 @@ spec:
mountPropagation: Bidirectional
- name: providers-dir
mountPath: /etc/kubernetes/secrets-store-csi-providers
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
- name: liveness-probe
image: quay.io/k8scsi/livenessprobe:v2.0.0
imagePullPolicy: Always
@ -92,6 +108,13 @@ spec:
volumeMounts:
- name: plugin-dir
mountPath: /csi
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
volumes:
- name: mountpoint-dir
hostPath:

15
files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
View file

@ -4,6 +4,21 @@ metadata:
creationTimestamp: null
name: secretproviderclasses-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:

162
files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
View file

@ -1,8 +1,8 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: secretproviderclasses.secrets-store.csi.x-k8s.io
spec:
@ -12,89 +12,87 @@ spec:
listKind: SecretProviderClassList
plural: secretproviderclasses
singular: secretproviderclass
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s
secret objects
properties:
data:
items:
description: SecretObjectData defines the desired state of synced
K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description: ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s
secret objects
properties:
data:
items:
description: SecretObjectData defines the desired state of
synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description: ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
status: