mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

NK-44: Secret is now in the separate yaml

belyshevdenis 2019-03-22 17:56:29 +02:00
parent e7af6c0e9a
commit 3302bdd619
3 changed files with 10 additions and 215 deletions


@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-registry-key
namespace: kube-system
data:
.dockerconfigjson: DOCKER_CONFIG_JSON_IN_BASE64
type: kubernetes.io/dockerconfigjson
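Review bot: The placeholder on the `.dockerconfigjson` line keeps new credentials out of the tree, but it does not retire the one this commit removes. The deleted manifest's `mykey123` Secret carried what looks like a populated, base64-encoded Docker config, and base64 is an encoding, not encryption, so that value stays readable in repository history and in any mirror. The registry credential should be revoked and reissued rather than treated as removed. The new file would also benefit from a comment above `data:`, for example `# Fill in locally with your base64-encoded Docker config.json; never commit the filled-in file`. Adding the filled-in copy to the ignore list, or creating the Secret out of band, would stop the same leak from recurring.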


@ -1,215 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policies.policy.nirmata.io
spec:
group: policy.nirmata.io
versions:
- name: v1alpha1
served: true
storage: true
scope: Cluster
names:
kind: Policy
plural: policies
singular: policy
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
required:
- failurePolicy
- rules
properties:
failurePolicy:
type: string
enum:
- continueOnError
- stopOnError
rules:
type: array
items:
type: object
required:
- resource
properties:
resource:
type: object
required:
- kind
properties:
kind:
type: string
enum:
- ConfigMap
- CronJob
- DaemonSet
- Deployment
- Endpoints
- HorizontalPodAutoscaler
- Ingress
- Job
- LimitRange
- Namespace
- NetworkPolicy
- PersistentVolumeClaim
- PodDisruptionBudget
- PodTemplate
- ResourceQuota
- Secret
- Service
- StatefulSet
name:
type: string
selector:
properties:
matchLabels:
type: object
additionalProperties:
type: string
matchExpressions:
type: array
items:
type: object
required:
- key
- operator
properties:
key:
type: string
operator:
type: string
values:
type: array
items:
type: string
patch:
type: array
items:
type: object
required:
- path
- op
properties:
path:
type: string
op:
type: string
enum:
- add
- replace
- remove
value:
AnyValue: {}
configMapGenerator:
type: object
required:
- name
properties:
name:
type: string
copyFrom:
type: object
required:
- namespace
- name
properties:
namespace:
type: string
name:
type: string
data:
type: object
additionalProperties:
type: string
secretGenerator:
type: object
required:
- name
properties:
name:
type: string
copyFrom:
type: object
required:
- namespace
- name
properties:
namespace:
type: string
name:
type: string
data:
type: object
additionalProperties:
type: string
---
apiVersion: v1
kind: Service
metadata:
namespace: kube-system
name: kube-policy-svc
labels:
app: kube-policy
spec:
ports:
- port: 443
targetPort: 443
selector:
app: kube-policy
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-policy-service-account
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kube-policy-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kube-policy-service-account
namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
name: mykey123
namespace: kube-system
data:
.dockerconfigjson: ewogICAgICAgICJhdXRocyI6IHsKICAgICAgICAgICAgICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJhdXRoIjogIlltVnNlWE5vWlhaa1pXNXBjenBCY0hJeGIzSXhkQT09IgogICAgICAgICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgIkh0dHBIZWFkZXJzIjogewogICAgICAgICAgICAgICAgIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOC4wOS4yIChsaW51eCkiCiAgICAgICAgfQp9
type: kubernetes.io/dockerconfigjson
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
namespace: kube-system
name: kube-policy-deployment
labels:
app: kube-policy
spec:
replicas: 1
template:
metadata:
labels:
app: kube-policy
spec:
serviceAccountName: kube-policy-service-account
containers:
- name: kube-policy
image: nirmata/kube-policy:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 443
securityContext:
privileged: true
imagePullSecrets:
- name: mykey123


@ -202,3 +202,5 @@ spec:
- containerPort: 443
securityContext:
privileged: true
imagePullSecrets:
- name: docker-registry-key
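Review bot: The added `imagePullSecrets` entry makes this Deployment depend on a Secret that now lives in a separate manifest, and nothing here says so. A comment above it would help, for example `# requires Secret docker-registry-key in kube-system (applied from the separate secret manifest)`. The reference resolves only in the pod's own namespace, so the two files must keep matching names and namespaces. The context line `privileged: true` is unchanged by this commit, but it stands out on a container that also holds a registry credential. If it exists only so the process can bind port 443, a narrower setting such as `capabilities: { drop: ["ALL"], add: ["NET_BIND_SERVICE"] }` or a high `containerPort` behind the Service would likely be enough. The Deployment spec starts outside this hunk, so that should be confirmed against the full file.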