mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
policy-reporter/manifest/default-policy-reporter-ui/install.yaml
Frank Jogeleit 86c2d7f844 Add optional external cache for new results
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2022-05-12 11:02:09 +02:00


---
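# Identity the policy-reporter Deployment runs as. Its API permissions come
# from the ClusterRoleBinding named "policy-reporter" in this file.
# Nesting restored: in the flattened listing every key sat at column 0, which
# would parse "name", "namespace" and "labels" as top-level keys.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: policy-reporter
  namespace: policy-reporter
  labels:
    app.kubernetes.io/name: policy-reporter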
---
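# Read-only (get/list/watch) access to PolicyReport and ClusterPolicyReport
# objects and their status subresources. Nesting restored from the flattened
# listing; the granted rules are unchanged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    # Aggregation label: the control plane merges these rules into the
    # built-in "admin" ClusterRole, so every subject bound to "admin" also
    # gains read access to policy reports.
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: policy-reporter
rules:
  - apiGroups:
      # NOTE(review): '*' matches the resource names below in every API
      # group, including groups introduced later by unrelated CRDs. Least
      # privilege would list only the group(s) serving the PolicyReport CRDs
      # in the target cluster (presumably wgpolicyk8s.io; confirm before
      # narrowing).
      - '*'
    resources:
      - policyreports
      - policyreports/status
      - clusterpolicyreports
      - clusterpolicyreports/status
    verbs:
      - get
      - list
      - watch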
---
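# Grants the "policy-reporter" ClusterRole to the policy-reporter
# ServiceAccount. A ClusterRoleBinding applies cluster-wide, so the read access
# covers policy reports in every namespace, not only "policy-reporter".
# Nesting restored from the flattened listing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: policy-reporter
roleRef:
  kind: ClusterRole
  name: policy-reporter
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: "ServiceAccount"
    name: policy-reporter
    namespace: policy-reporter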
---
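# In-cluster endpoint for the UI pods (selected by app.kubernetes.io/name).
# ClusterIP keeps it off node and load-balancer addresses, but this manifest
# defines no NetworkPolicy, so reachability from other pods depends on the
# policies already present in the cluster.
# Nesting restored from the flattened listing.
apiVersion: v1
kind: Service
metadata:
  name: policy-reporter-ui
  namespace: policy-reporter
  labels:
    app.kubernetes.io/name: policy-reporter-ui
spec:
  type: ClusterIP
  ports:
    - port: 8080
      # Resolves to the container port named "http" in the selected pods.
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: policy-reporter-ui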
---
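# In-cluster endpoint for the policy-reporter pods; the UI Deployment in this
# file is pointed at it via http://policy-reporter:8080.
# The traffic is plain HTTP and this manifest defines no NetworkPolicy, so
# which pods can query the reporter depends on policies already present in the
# cluster.
# Nesting restored from the flattened listing.
apiVersion: v1
kind: Service
metadata:
  name: policy-reporter
  namespace: policy-reporter
  labels:
    app.kubernetes.io/name: policy-reporter
spec:
  type: ClusterIP
  ports:
    - port: 8080
      # Resolves to the container port named "http" in the selected pods.
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: policy-reporter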
---
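# Policy Reporter UI: a single replica that talks to the policy-reporter
# Service over HTTP and needs no Kubernetes API access of its own.
# Nesting restored from the flattened listing; seccompProfile added.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: policy-reporter-ui
  namespace: policy-reporter
  labels:
    app.kubernetes.io/name: policy-reporter-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: policy-reporter-ui
  template:
    metadata:
      labels:
        app.kubernetes.io/name: policy-reporter-ui
    spec:
      # No API token is mounted, so a compromised UI container holds no
      # credentials for the Kubernetes API.
      automountServiceAccountToken: false
      containers:
        - name: ui
          # NOTE(review): a tag can be re-pointed in the registry; pinning by
          # digest (image@sha256:<digest>) fixes the exact content deployed.
          image: "ghcr.io/kyverno/policy-reporter-ui:1.3.4"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1234
            # Added: apply the container runtime's default syscall filter.
            # The other settings here already match the "restricted" Pod
            # Security Standard; this was the missing piece.
            seccompProfile:
              type: RuntimeDefault
          args:
            # Backend address: the policy-reporter Service, plain HTTP.
            - -policy-reporter=http://policy-reporter:8080
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          # NOTE(review): no requests or limits are set, so the pod runs as
          # BestEffort and its CPU/memory use is unbounded; set values that
          # fit the cluster.
          resources: {}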
---
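# Policy Reporter core: a single replica that reads policy reports through the
# Kubernetes API using the policy-reporter ServiceAccount and serves HTTP on
# port 8080.
# Nesting restored from the flattened listing; seccompProfile added.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: policy-reporter
  namespace: policy-reporter
  labels:
    app.kubernetes.io/name: policy-reporter
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: policy-reporter
  template:
    metadata:
      labels:
        app.kubernetes.io/name: policy-reporter
        app.kubernetes.io/instance: policy-reporter
    spec:
      serviceAccountName: policy-reporter
      # The token is mounted on purpose: this pod is the one that uses the
      # read-only ClusterRole bound to the ServiceAccount.
      automountServiceAccountToken: true
      securityContext:
        # Group ownership applied to mounted volumes; matches runAsUser so the
        # non-root process can write to the /sqlite emptyDir.
        fsGroup: 1234
      containers:
        - name: policy-reporter
          # NOTE(review): a tag can be re-pointed in the registry; pinning by
          # digest (image@sha256:<digest>) fixes the exact content deployed.
          image: "ghcr.io/kyverno/policy-reporter:2.5.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            # The root filesystem is read-only; /sqlite is the only writable
            # mount declared below.
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1234
            # Added: apply the container runtime's default syscall filter.
            # The other settings here already match the "restricted" Pod
            # Security Standard; this was the missing piece.
            seccompProfile:
              type: RuntimeDefault
          args:
            - --config=/app/config.yaml
            - --dbfile=/sqlite/database.db
            # NOTE(review): presumably enables the REST API that the UI
            # queries. No authentication is configured in this manifest, so
            # restrict access to port 8080 at the network layer if report
            # contents are sensitive.
            - --rest-enabled
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
          readinessProbe:
            httpGet:
              path: /ready
              port: http
          # NOTE(review): no requests or limits are set, so the pod runs as
          # BestEffort and its CPU/memory use is unbounded; set values that
          # fit the cluster.
          resources: {}
          volumeMounts:
            - name: sqlite
              mountPath: /sqlite
            - name: config-file
              mountPath: /app/config.yaml
              # A subPath mount is not refreshed when the Secret changes;
              # restart the pod to pick up a new config.
              subPath: config.yaml
      volumes:
        # Scratch storage for the SQLite file; an emptyDir is discarded when
        # the pod is removed.
        - name: sqlite
          emptyDir: {}
        # The config is read from a Secret (presumably because it can hold
        # credentials for notification targets; confirm). optional: true lets
        # the pod start when the Secret does not exist.
        - name: config-file
          secret:
            secretName: policy-reporter-config
            optional: true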