From 049784fa483370073c90f73c0be36005c3c5af48 Mon Sep 17 00:00:00 2001
From: Joel Wetzell
Date: Sun, 26 Oct 2025 10:11:17 -0500
Subject: [PATCH] deploy ontime-operator
---
kustomization.yaml | 3 +-
ontime-operator/deploy.yaml | 384 +++++++++++++++++++++++++++++
ontime-operator/kustomization.yaml | 2 +
3 files changed, 388 insertions(+), 1 deletion(-)
create mode 100644 ontime-operator/deploy.yaml
create mode 100644 ontime-operator/kustomization.yaml
diff --git a/kustomization.yaml b/kustomization.yaml
index 7f5dc19..5b110ce 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -1,2 +1,3 @@
 resources:
- - ./ingress-nginx.yaml
\ No newline at end of file
+ - ./ingress-nginx.yaml
+ - ./ontime-operator
\ No newline at end of file
diff --git a/ontime-operator/deploy.yaml b/ontime-operator/deploy.yaml
new file mode 100644
index 0000000..228066c
--- /dev/null
+++ b/ontime-operator/deploy.yaml
@@ -0,0 +1,384 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ control-plane: controller-manager
+ name: ontime-operator-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: stages.ontime.getontime.no
+spec:
+ group: ontime.getontime.no
+ names:
+ kind: Stage
+ listKind: StageList
+ plural: stages
+ singular: stage
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Stage is the Schema for the stages API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Stage
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Stage
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-controller-manager
+ namespace: ontime-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-leader-election-role
+ namespace: ontime-operator-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ontime-operator-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages
+ - stages/status
+ - stages/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ontime-operator-metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ontime-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-stage-admin-role
+rules:
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages
+ verbs:
+ - '*'
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-stage-editor-role
+rules:
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-stage-viewer-role
+rules:
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-leader-election-rolebinding
+ namespace: ontime-operator-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ontime-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: ontime-operator-controller-manager
+ namespace: ontime-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ name: ontime-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ontime-operator-manager-role
+subjects:
+- kind: ServiceAccount
+ name: ontime-operator-controller-manager
+ namespace: ontime-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ontime-operator-metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ontime-operator-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: ontime-operator-controller-manager
+ namespace: ontime-operator-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ control-plane: controller-manager
+ name: ontime-operator-controller-manager-metrics-service
+ namespace: ontime-operator-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ app.kubernetes.io/name: ontime-operator
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: ontime-operator
+ control-plane: controller-manager
+ name: ontime-operator-controller-manager
+ namespace: ontime-operator-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: ontime-operator
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ app.kubernetes.io/name: ontime-operator
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --metrics-require-rbac
+ - --metrics-secure
+ - --metrics-bind-address=:8443
+ - --leader-elect
+ - --leader-election-id=ontime-operator
+ - --health-probe-bind-address=:8081
+ image: git.jwetzell.com/jwetzell/ontime-operator:v0.0.1
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports: []
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts: []
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: ontime-operator-controller-manager
+ terminationGracePeriodSeconds: 10
+ volumes: []
diff --git a/ontime-operator/kustomization.yaml b/ontime-operator/kustomization.yaml
new file mode 100644
index 0000000..a389617
--- /dev/null
+++ b/ontime-operator/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - ./deploy.yaml
\ No newline at end of file
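Review bot: In `ontime-operator/deploy.yaml`, the `ontime-operator-manager-role` ClusterRole grants the `'*'` verb on core `secrets`, on `serviceaccounts` and `services`, and on `apps` `deployments`, and `ontime-operator-manager-rolebinding` binds it cluster-wide to the controller's ServiceAccount, so the operator pod can read and modify every Secret in every namespace and create workloads under any ServiceAccount. Nothing visible in this manifest shows the controller needing more than the objects it creates per Stage, so list the verbs explicitly (for example `verbs: [get, list, watch, create, update, patch]` on `secrets`, to be confirmed against the controller code) and, if Stages live in a known set of namespaces, grant these rules through a namespaced `RoleBinding` instead of the `ClusterRoleBinding`. The Deployment also references the image by the mutable tag `v0.0.1`; pinning it by digest (`ontime-operator:v0.0.1@sha256:<digest>`) keeps a re-pushed tag from running with these permissions. Separately, the Stage CRD declares `spec` with `x-kubernetes-preserve-unknown-fields: true` and no properties, so the API server validates none of the input the controller turns into Deployments and Secrets.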