mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
NK-44: Secret is now in the separate yaml
parent
e7af6c0e9a
commit
3302bdd619
3 changed files with 10 additions and 215 deletions
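--- a/definitions/docker-registry-key.yaml
+++ b/definitions/docker-registry-key.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: docker-registry-key
+namespace: kube-system
+data:
+.dockerconfigjson: DOCKER_CONFIG_JSON_IN_BASE64
+type: kubernetes.io/dockerconfigjson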
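Review bot: The new `definitions/docker-registry-key.yaml` ships the placeholder `DOCKER_CONFIG_JSON_IN_BASE64` under `data` with no comment saying how it is meant to be filled in or that the populated file must not be committed back. A header comment such as `# Replace DOCKER_CONFIG_JSON_IN_BASE64 locally with the base64-encoded Docker config.json; never commit the populated file` would make that explicit. The manifest deleted in this same commit carried what looks like a populated `.dockerconfigjson` value for the Secret `mykey123`. Deleting it from the tree leaves that value in git history, so the registry credential should be treated as exposed and rotated.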
|
@ -1,215 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: policies.policy.nirmata.io
|
||||
spec:
|
||||
group: policy.nirmata.io
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
scope: Cluster
|
||||
names:
|
||||
kind: Policy
|
||||
plural: policies
|
||||
singular: policy
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
required:
|
||||
- failurePolicy
|
||||
- rules
|
||||
properties:
|
||||
failurePolicy:
|
||||
type: string
|
||||
enum:
|
||||
- continueOnError
|
||||
- stopOnError
|
||||
rules:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- resource
|
||||
properties:
|
||||
resource:
|
||||
type: object
|
||||
required:
|
||||
- kind
|
||||
properties:
|
||||
kind:
|
||||
type: string
|
||||
enum:
|
||||
- ConfigMap
|
||||
- CronJob
|
||||
- DaemonSet
|
||||
- Deployment
|
||||
- Endpoints
|
||||
- HorizontalPodAutoscaler
|
||||
- Ingress
|
||||
- Job
|
||||
- LimitRange
|
||||
- Namespace
|
||||
- NetworkPolicy
|
||||
- PersistentVolumeClaim
|
||||
- PodDisruptionBudget
|
||||
- PodTemplate
|
||||
- ResourceQuota
|
||||
- Secret
|
||||
- Service
|
||||
- StatefulSet
|
||||
name:
|
||||
type: string
|
||||
selector:
|
||||
properties:
|
||||
matchLabels:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
matchExpressions:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
operator:
|
||||
type: string
|
||||
values:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
patch:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- path
|
||||
- op
|
||||
properties:
|
||||
path:
|
||||
type: string
|
||||
op:
|
||||
type: string
|
||||
enum:
|
||||
- add
|
||||
- replace
|
||||
- remove
|
||||
value:
|
||||
AnyValue: {}
|
||||
configMapGenerator:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
copyFrom:
|
||||
type: object
|
||||
required:
|
||||
- namespace
|
||||
- name
|
||||
properties:
|
||||
namespace:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
data:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
secretGenerator:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
copyFrom:
|
||||
type: object
|
||||
required:
|
||||
- namespace
|
||||
- name
|
||||
properties:
|
||||
namespace:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
data:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: kube-system
|
||||
name: kube-policy-svc
|
||||
labels:
|
||||
app: kube-policy
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
app: kube-policy
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kube-policy-service-account
|
||||
namespace: kube-system
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: kube-policy-admin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kube-policy-service-account
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mykey123
|
||||
namespace: kube-system
|
||||
data:
|
||||
.dockerconfigjson: ewogICAgICAgICJhdXRocyI6IHsKICAgICAgICAgICAgICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJhdXRoIjogIlltVnNlWE5vWlhaa1pXNXBjenBCY0hJeGIzSXhkQT09IgogICAgICAgICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgIkh0dHBIZWFkZXJzIjogewogICAgICAgICAgICAgICAgIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOC4wOS4yIChsaW51eCkiCiAgICAgICAgfQp9
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: kube-system
|
||||
name: kube-policy-deployment
|
||||
labels:
|
||||
app: kube-policy
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-policy
|
||||
spec:
|
||||
serviceAccountName: kube-policy-service-account
|
||||
containers:
|
||||
- name: kube-policy
|
||||
image: nirmata/kube-policy:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 443
|
||||
securityContext:
|
||||
privileged: true
|
||||
imagePullSecrets:
|
||||
- name: mykey123
|
|
@ -202,3 +202,5 @@ spec:
|
|||
- containerPort: 443
|
||||
securityContext:
|
||||
privileged: true
|
||||
imagePullSecrets:
|
||||
- name: docker-registry-key
|
||||
|
|
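Review bot: The added `imagePullSecrets` entry makes the Deployment depend on a Secret named `docker-registry-key` that now lives in a separate manifest, and nothing here says it must exist in the same namespace before this file is applied. If the Secret is missing or still holds the placeholder, a pull from a private registry will fail. A comment above the entry, e.g. `# requires definitions/docker-registry-key.yaml (populated) applied to this namespace first`, would document the ordering. The context lines also show the container running with `privileged: true`; that predates this change, but it is worth confirming that a container exposing only port 443 needs it. The enclosing Deployment spec starts outside the hunk.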