feat: basic kustomize support

grampelberg · grampelberg · commit 24349b4efc42 · 2024-09-11T18:10:10.000-07:00
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: getting-started
+
+resources:
+  - rbac.yaml
+  - server.yaml
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/name: kty
+      app.kubernetes.io/part-of: kty
diff --git a/kustomize/rbac.yaml b/kustomize/rbac.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kty-server
+  labels:
+    app.kubernetes.io/component: server
+rules:
+  - apiGroups: ['']
+    resources:
+      - users
+      - groups
+    verbs:
+      - impersonate
+  - apiGroups:
+      - kty.dev
+    resources:
+      - keys
+      - keys/status
+    verbs: ['*']
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - create
+      - patch
+    resourceNames:
+      - keys.kty.dev
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kty-server
+  labels:
+    app.kubernetes.io/component: server
+subjects:
+  - kind: ServiceAccount
+    name: kty-server
+roleRef:
+  kind: ClusterRole
+  name: kty-server
+  apiGroup: rbac.authorization.k8s.io
diff --git a/kustomize/server.yaml b/kustomize/server.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kty-server
+  labels:
+    app.kubernetes.io/component: server
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: server
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 2222
+  selector:
+    app.kubernetes.io/component: server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: server
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: server
+      annotations:
+        prometheus.io/scrape: 'true'
+        prometheus.io/path: /metrics
+        prometheus.io/port: '8080'
+
+    spec:
+      serviceAccountName: kty-server
+
+      containers:
+        - name: server
+          image: gcr.io/grampelberg/kty:latest
+
+          command: ['kty']
+          args:
+            - serve
+            - -vv
+            - --address=0.0.0.0
+            - --key=/etc/kty/key/id_ed25519
+
+          env:
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
+
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: 8080
