-
Notifications
You must be signed in to change notification settings - Fork 27
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
95b9c7b
commit 18c50b0
Showing
2 changed files
with
258 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,251 @@ | ||
{{ $merged := (merge (dict "Component" "operator") $) -}} | ||
{{ $service := (merge (dict "Component" "service") $) -}} | ||
{{- if .Values.operator.enabled -}} | ||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
labels: | ||
{{ include "kestra.labels" $merged | indent 4 }} | ||
name: {{ include "kestra.fullname" $merged }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-namespace-file-cluster-role | ||
rules: | ||
- apiGroups: | ||
- model.kestra.io | ||
resources: | ||
- kestranamespacefiles | ||
- kestranamespacefiles/status | ||
- kestranamespacefiles/finalizers | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- patch | ||
- update | ||
- create | ||
- delete | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-flow-cluster-role | ||
rules: | ||
- apiGroups: | ||
- model.kestra.io | ||
resources: | ||
- kestraflows | ||
- kestraflows/status | ||
- kestraflows/finalizers | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- patch | ||
- update | ||
- create | ||
- delete | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-key-value-cluster-role | ||
rules: | ||
- apiGroups: | ||
- model.kestra.io | ||
resources: | ||
- kestrakeyvalues | ||
- kestrakeyvalues/status | ||
- kestrakeyvalues/finalizers | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- patch | ||
- update | ||
- create | ||
- delete | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role | ||
rules: | ||
- apiGroups: | ||
- apiextensions.k8s.io | ||
resources: | ||
- customresourcedefinitions | ||
verbs: | ||
- get | ||
- list | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-namespace-file-crd-validating-role-binding | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-namespace-file-cluster-role-binding | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: {{ include "kestra.fullname" $merged }}-namespace-file-cluster-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-flow-crd-validating-role-binding | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-flow-cluster-role-binding | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: {{ include "kestra.fullname" $merged }}-flow-cluster-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-key-value-crd-validating-role-binding | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-key-value-cluster-role-binding | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: {{ include "kestra.fullname" $merged }}-key-value-cluster-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }}-view | ||
roleRef: | ||
kind: ClusterRole | ||
apiGroup: rbac.authorization.k8s.io | ||
name: view | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "kestra.fullname" $merged }} | ||
namespace: {{ .Release.Namespace }} | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: {{ include "kestra.fullname" $merged }} | ||
labels: | ||
app: {{ include "kestra.fullname" $merged }} | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: {{ include "kestra.fullname" $merged }} | ||
template: | ||
metadata: | ||
labels: | ||
app: {{ include "kestra.fullname" $merged }} | ||
spec: | ||
serviceAccountName: kestra-operator | ||
{{- with $.Values.imagePullSecrets }} | ||
imagePullSecrets: | ||
{{- toYaml . | nindent 8 }} | ||
{{- end }} | ||
containers: | ||
- name: kestra-operator | ||
image: {{ .Values.operator.image }} | ||
resources: | ||
requests: | ||
cpu: 250m | ||
memory: 256Mi | ||
limits: | ||
cpu: 500m | ||
memory: 512Mi | ||
startupProbe: | ||
httpGet: | ||
path: /q/health/started | ||
port: 8080 | ||
scheme: HTTP | ||
periodSeconds: {{ $.Values.startupProbe.periodSeconds }} | ||
timeoutSeconds: {{ $.Values.startupProbe.timeoutSeconds }} | ||
successThreshold: {{ $.Values.startupProbe.successThreshold }} | ||
failureThreshold: {{ $.Values.startupProbe.failureThreshold }} | ||
livenessProbe: | ||
httpGet: | ||
path: /q/health/live | ||
port: 8080 | ||
scheme: HTTP | ||
initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }} | ||
periodSeconds: {{ $.Values.livenessProbe.periodSeconds }} | ||
timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }} | ||
successThreshold: {{ $.Values.livenessProbe.successThreshold }} | ||
failureThreshold: {{ $.Values.livenessProbe.failureThreshold }} | ||
readinessProbe: | ||
httpGet: | ||
path: /q/health/ready | ||
port: 8080 | ||
scheme: HTTP | ||
initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }} | ||
periodSeconds: {{ $.Values.readinessProbe.periodSeconds }} | ||
timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }} | ||
successThreshold: {{ $.Values.readinessProbe.successThreshold }} | ||
failureThreshold: {{ $.Values.readinessProbe.failureThreshold }} | ||
env: | ||
- name: QUARKUS_OPERATOR_SDK_CRD_APPLY | ||
value: "true" | ||
- name: QUARKUS_OPERATOR_SDK_CRD_VALIDATE | ||
value: "false" | ||
- name: KESTRA_API_URL | ||
value: http://{{ include "kestra.fullname" $service }}:8080 | ||
{{- if .Values.operator.apiKey }} | ||
- name: KESTRA_API_API_KEY | ||
value: {{ .Values.operator.apiKey }} | ||
{{- end }} | ||
{{- if .Values.operator.basicAuth }} | ||
- name: KESTRA_API_BASIC_AUTH | ||
value: {{ .Values.operator.basicAuth }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters