kms added

2025-04-01 23:35:03 +02:00
parent 4d0d73886f
commit db025f183b
8 changed files with 134 additions and 0 deletions
--- a/kms/cr.yaml
+++ b/kms/cr.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kms-teddysun-role
+rules:
+  - apiGroups: [""]
+    resources:
+      - secrets
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups: [""]
+    resources:
+      - pods
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources:
+      - roles
+      - rolebindings
+    verbs:
+      - get
+      - list
--- a/kms/crb.yaml
+++ b/kms/crb.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kms-teddysun-binding
+subjects:
+  - kind: ServiceAccount
+    name: kms-service-account
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: kms-teddysun-role
+  apiGroup: rbac.authorization.k8s.io
--- a/kms/deploy.yaml
+++ b/kms/deploy.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kms-deployment
+  namespace: default
+  labels:
+    app: kms
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kms
+  template:
+    metadata:
+      labels:
+        app: kms
+    spec:
+      containers:
+      - name: kms
+        image: teddysun/kms
+        ports:
+        - containerPort: 1688
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "128Mi"
+          limits:
+            cpu: "500m"
+            memory: "512Mi"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
--- a/kms/gateway.yaml
+++ b/kms/gateway.yaml
@@ -0,0 +1,14 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: kms-gateway
+  namespace: default
+spec:
+  gatewayClassName: cilium
+  listeners:
+    - name: kms
+      protocol: TCP
+      port: 1688
+      allowedRoutes:
+        namespaces:
+          from: All
--- a/kms/kustomization.yaml
+++ b/kms/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - cm.yaml
+  - cr.yaml
+  - crb.yaml
+  - deploy.yaml
+  - gateway.yaml
+  - route.yaml
+  #- secret.yaml
+  - svc.yaml
+  - svcacc.yaml
--- a/kms/route.yaml
+++ b/kms/route.yaml
@@ -0,0 +1,13 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: TCPRoute
+metadata:
+  name: kms-route
+  namespace: default
+spec:
+  parentRefs:
+    - name: kms-gateway
+  rules:
+    - backendRefs:
+        - name: kms-service
+          port: 1688
+          weight: 1
--- a/kms/svc.yaml
+++ b/kms/svc.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kms-service
+spec:
+  selector:
+    app: kms
+  type: ClusterIP
+  ports:
+    - port: 1688
+      targetPort: 1688
+      protocol: TCP
+
--- a/kms/svcacc.yaml
+++ b/kms/svcacc.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kms-service-account
+  namespace: default