ansible-role-k8s-traefik/templates/traefik-ondemand-plugin.yml.j2

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sablier
  labels:
    app: sablier
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sablier
  template:
    metadata:
      labels:
        app: sablier
    spec:
      serviceAccountName: sablier
      serviceAccount: sablier
      containers:
      - name: sablier
        image: acouvreur/sablier:1.7.0
        args: ["start", "--provider.name=kubernetes", "--storage.file=/dev/shm/state.json"]
        ports:
          - containerPort: 10000
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ALL]
          readOnlyRootFilesystem: true
          seccompProfile:
            type: RuntimeDefault
      securityContext:
        runAsGroup: 65532
        runAsNonRoot: true
        runAsUser: 65532
# --configFile=path/to/myconfigfile.yml 
---
apiVersion: v1
kind: Service
metadata:
  name: sablier
spec:
  selector:
    app: sablier
  ports:
    - protocol: TCP
      port: 10000
      targetPort: 10000
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sablier
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sablier
#  namespace: {{ traefik_namespace }}
rules:
  - apiGroups:
      - apps
      - ""
    resources:
      - deployments
#      - deployments/scale
      - statefulsets
#      - statefulsets/scale
    verbs:
      - patch   # Scale up and down
      - get     # Retrieve info about specific dep
      - update  # Scale up and down
      - list    # Events
      - watch   # Events
  - apiGroups:
      - apps
      - ""
    resources:
      - deployments/scale
      - statefulsets/scale
    verbs:
      - patch   # Scale up and down
      - update  # Scale up and down
      - get     # Retrieve info about specific dep
      - list    # Events
      - watch   # Events---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sablier
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sablier
subjects:
  - kind: ServiceAccount
    name: sablier
    namespace: {{ traefik_namespace }}
#---
#apiVersion: traefik.io/v1alpha1
#kind: Middleware
#metadata:
#  name: ondemand
#spec:
#  plugin:
#      group: default
#      dynamic:
#        displayName: My Title
#        refreshFrequency: 5s
#        showDetails: "true"
#        theme: hacker-terminal
#      sablierUrl: http://sablier.{{ traefik_namespace }}:10000
#      sessionDuration: 1m