diff --git a/definitions/docker-registry-key.yaml b/definitions/docker-registry-key.yaml new file mode 100644 index 0000000000..d5fae24abd --- /dev/null +++ b/definitions/docker-registry-key.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: docker-registry-key + namespace: kube-system +data: + .dockerconfigjson: DOCKER_CONFIG_JSON_IN_BASE64 +type: kubernetes.io/dockerconfigjson diff --git a/definitions/install-with-secret.yaml b/definitions/install-with-secret.yaml deleted file mode 100644 index 013ab4365b..0000000000 --- a/definitions/install-with-secret.yaml +++ /dev/null @@ -1,215 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: policies.policy.nirmata.io -spec: - group: policy.nirmata.io - versions: - - name: v1alpha1 - served: true - storage: true - scope: Cluster - names: - kind: Policy - plural: policies - singular: policy - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - required: - - failurePolicy - - rules - properties: - failurePolicy: - type: string - enum: - - continueOnError - - stopOnError - rules: - type: array - items: - type: object - required: - - resource - properties: - resource: - type: object - required: - - kind - properties: - kind: - type: string - enum: - - ConfigMap - - CronJob - - DaemonSet - - Deployment - - Endpoints - - HorizontalPodAutoscaler - - Ingress - - Job - - LimitRange - - Namespace - - NetworkPolicy - - PersistentVolumeClaim - - PodDisruptionBudget - - PodTemplate - - ResourceQuota - - Secret - - Service - - StatefulSet - name: - type: string - selector: - properties: - matchLabels: - type: object - additionalProperties: - type: string - matchExpressions: - type: array - items: - type: object - required: - - key - - operator - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - patch: - type: array - items: - type: object - required: - - path - - op - properties: - path: - type: string - op: - type: string - enum: - - add - - replace - - remove - value: - AnyValue: {} - configMapGenerator: - type: object - required: - - name - properties: - name: - type: string - copyFrom: - type: object - required: - - namespace - - name - properties: - namespace: - type: string - name: - type: string - data: - type: object - additionalProperties: - type: string - secretGenerator: - type: object - required: - - name - properties: - name: - type: string - copyFrom: - type: object - required: - - namespace - - name - properties: - namespace: - type: string - name: - type: string - data: - type: object - additionalProperties: - type: string ---- -apiVersion: v1 -kind: Service -metadata: - namespace: kube-system - name: kube-policy-svc - labels: - app: kube-policy -spec: - ports: - - port: 443 - targetPort: 443 - selector: - app: kube-policy ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-policy-service-account - namespace: kube-system ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: kube-policy-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kube-policy-service-account - namespace: kube-system ---- -apiVersion: v1 -kind: Secret -metadata: - name: mykey123 - namespace: kube-system -data: - .dockerconfigjson: ewogICAgICAgICJhdXRocyI6IHsKICAgICAgICAgICAgICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJhdXRoIjogIlltVnNlWE5vWlhaa1pXNXBjenBCY0hJeGIzSXhkQT09IgogICAgICAgICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgIkh0dHBIZWFkZXJzIjogewogICAgICAgICAgICAgICAgIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOC4wOS4yIChsaW51eCkiCiAgICAgICAgfQp9 -type: kubernetes.io/dockerconfigjson ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - namespace: kube-system - name: kube-policy-deployment - labels: - app: kube-policy -spec: - replicas: 1 - template: - metadata: - labels: - app: kube-policy - spec: - serviceAccountName: kube-policy-service-account - containers: - - name: kube-policy - image: nirmata/kube-policy:latest - imagePullPolicy: IfNotPresent - ports: - - containerPort: 443 - securityContext: - privileged: true - imagePullSecrets: - - name: mykey123 diff --git a/definitions/install.yaml b/definitions/install.yaml index 28cbbc797b..44c1214c00 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -202,3 +202,5 @@ spec: - containerPort: 443 securityContext: privileged: true + imagePullSecrets: + - name: docker-registry-key