This repository has been archived by the owner on Aug 4, 2021. It is now read-only.
forked from dashlabsai-archived/doppler-k8s-controller
-
Notifications
You must be signed in to change notification settings - Fork 1
/
doppler-crd-controller.yml
101 lines (101 loc) · 2.33 KB
/
doppler-crd-controller.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: dopplersecrets.doppler.com
spec:
group: doppler.com
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
serviceToken:
type: string
secretName:
type: string
scope: Namespaced
names:
shortNames:
- ds
kind: DopplerSecret
plural: dopplersecrets
singular: dopplersecret
---
kind: Namespace
apiVersion: v1
metadata:
name: doppler-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: doppler-controller-service-account
namespace: doppler-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: doppler-controller-role
rules:
- apiGroups: ['']
resources: ['secrets']
verbs: ['get', 'create', 'update', 'delete']
- apiGroups: ['apps']
resources: ['deployments']
verbs: ['list', 'patch']
- apiGroups: ['']
resources: ['namespaces']
verbs: ['get', 'watch', 'list']
- apiGroups: ['doppler.com']
resources: ['dopplersecrets']
verbs: ['get', 'list', 'update', 'delete']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: doppler-controller-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: doppler-controller-role
subjects:
- kind: ServiceAccount
name: doppler-controller-service-account
namespace: doppler-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: doppler-controller
namespace: doppler-controller
spec:
replicas: 1
selector:
matchLabels:
app: doppler-controller
template:
metadata:
labels:
app: doppler-controller
spec:
serviceAccountName: doppler-controller-service-account
containers:
- name: doppler-controller
image: dopplerhq/k8s-controller
imagePullPolicy: Always
env:
- name: SYNC_INTERVAL
value: '5000' # Secret sync interval (milliseconds)
resources:
requests:
memory: '250Mi'
cpu: '250m'
limits:
memory: '500Mi'
cpu: '500m'