From e7af6c0e9af9aedfb25436e51d2e122c050f3f9b Mon Sep 17 00:00:00 2001 From: belyshevdenis Date: Fri, 22 Mar 2019 16:19:34 +0200 Subject: [PATCH] NK-44: Nodes are able now to pull private dockerhub images --- definitions/install-with-secret.yaml | 215 +++++++++++++++++++++++++++ 1 file changed, 215 insertions(+) create mode 100644 definitions/install-with-secret.yaml diff --git a/definitions/install-with-secret.yaml b/definitions/install-with-secret.yaml new file mode 100644 index 0000000000..013ab4365b --- /dev/null +++ b/definitions/install-with-secret.yaml @@ -0,0 +1,215 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: policies.policy.nirmata.io +spec: + group: policy.nirmata.io + versions: + - name: v1alpha1 + served: true + storage: true + scope: Cluster + names: + kind: Policy + plural: policies + singular: policy + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + required: + - failurePolicy + - rules + properties: + failurePolicy: + type: string + enum: + - continueOnError + - stopOnError + rules: + type: array + items: + type: object + required: + - resource + properties: + resource: + type: object + required: + - kind + properties: + kind: + type: string + enum: + - ConfigMap + - CronJob + - DaemonSet + - Deployment + - Endpoints + - HorizontalPodAutoscaler + - Ingress + - Job + - LimitRange + - Namespace + - NetworkPolicy + - PersistentVolumeClaim + - PodDisruptionBudget + - PodTemplate + - ResourceQuota + - Secret + - Service + - StatefulSet + name: + type: string + selector: + properties: + matchLabels: + type: object + additionalProperties: + type: string + matchExpressions: + type: array + items: + type: object + required: + - key + - operator + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + patch: + type: array + items: + type: object + required: + - path + - op + properties: + path: + type: string + op: + type: string + enum: + - add + - replace + - remove + value: + AnyValue: {} + configMapGenerator: + type: object + required: + - name + properties: + name: + type: string + copyFrom: + type: object + required: + - namespace + - name + properties: + namespace: + type: string + name: + type: string + data: + type: object + additionalProperties: + type: string + secretGenerator: + type: object + required: + - name + properties: + name: + type: string + copyFrom: + type: object + required: + - namespace + - name + properties: + namespace: + type: string + name: + type: string + data: + type: object + additionalProperties: + type: string +--- +apiVersion: v1 +kind: Service +metadata: + namespace: kube-system + name: kube-policy-svc + labels: + app: kube-policy +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: kube-policy +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-policy-service-account + namespace: kube-system +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: kube-policy-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kube-policy-service-account + namespace: kube-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: mykey123 + namespace: kube-system +data: + .dockerconfigjson: ewogICAgICAgICJhdXRocyI6IHsKICAgICAgICAgICAgICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJhdXRoIjogIlltVnNlWE5vWlhaa1pXNXBjenBCY0hJeGIzSXhkQT09IgogICAgICAgICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgIkh0dHBIZWFkZXJzIjogewogICAgICAgICAgICAgICAgIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOC4wOS4yIChsaW51eCkiCiAgICAgICAgfQp9 +type: kubernetes.io/dockerconfigjson +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + namespace: kube-system + name: kube-policy-deployment + labels: + app: kube-policy +spec: + replicas: 1 + template: + metadata: + labels: + app: kube-policy + spec: + serviceAccountName: kube-policy-service-account + containers: + - name: kube-policy + image: nirmata/kube-policy:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 443 + securityContext: + privileged: true + imagePullSecrets: + - name: mykey123