k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kms added

Browse Source
This commit is contained in:
Philip Haupt
2025-04-01 23:35:03 +02:00
parent 4d0d73886f
commit db025f183b
8 changed files with 134 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
kms/cr.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kms-teddysun-role
rules:
- apiGroups: [""]
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- pods
- services
verbs:
- get
- list
- watch
- apiGroups: ["rbac.authorization.k8s.io"]
resources:
- roles
- rolebindings
verbs:
- get
- list

13
kms/crb.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kms-teddysun-binding
subjects:
- kind: ServiceAccount
name: kms-service-account
namespace: default
roleRef:
kind: ClusterRole
name: kms-teddysun-role
apiGroup: rbac.authorization.k8s.io

32
kms/deploy.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kms-deployment
namespace: default
labels:
app: kms
spec:
replicas: 1
selector:
matchLabels:
app: kms
template:
metadata:
labels:
app: kms
spec:
containers:
- name: kms
image: teddysun/kms
ports:
- containerPort: 1688
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
securityContext:
runAsNonRoot: true
runAsUser: 1000

14
kms/gateway.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: kms-gateway
namespace: default
spec:
gatewayClassName: cilium
listeners:
- name: kms
protocol: TCP
port: 1688
allowedRoutes:
namespaces:
from: All

13
kms/kustomization.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cm.yaml
- cr.yaml
- crb.yaml
- deploy.yaml
- gateway.yaml
- route.yaml
#- secret.yaml
- svc.yaml
- svcacc.yaml

13
kms/route.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: gateway.networking.k8s.io/v1
kind: TCPRoute
metadata:
name: kms-route
namespace: default
spec:
parentRefs:
- name: kms-gateway
rules:
- backendRefs:
- name: kms-service
port: 1688
weight: 1

14
kms/svc.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: Service
metadata:
name: kms-service
spec:
selector:
app: kms
type: ClusterIP
ports:
- port: 1688
targetPort: 1688
protocol: TCP

6
kms/svcacc.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kms-service-account
namespace: default