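# Install manifest for the ontime-operator: namespace, the Stage CRD, the
# controller's service account and RBAC, a metrics Service and the manager
# Deployment. Labels mark the objects as kustomize-managed, so lasting changes
# presumably belong in the kustomize sources rather than in this rendered file.
#
# One key per line, block style, 2-space indent; every value is unchanged.
---
apiVersion: v1
kind: Namespace
metadata:
  # NOTE(review): no pod-security.kubernetes.io/* labels are set. The manager
  # pod below already sets the non-root, seccomp and capability settings the
  # "restricted" profile asks for, so enforcing that profile on this namespace
  # looks feasible; confirm before adding.
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
    control-plane: controller-manager
  name: ontime-operator
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: stages.cloud.getontime.no
spec:
  group: cloud.getontime.no
  names:
    kind: Stage
    listKind: StageList
    plural: stages
    singular: stage
  scope: Namespaced
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: Stage is the Schema for the stages API
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the
                latest internal value, and may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint
                the client submits requests to. Cannot be updated. In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            # spec and status are declared as free-form objects: with
            # x-kubernetes-preserve-unknown-fields the API server neither
            # validates nor prunes their contents, so any field checking has
            # to happen in the controller (or an admission webhook; none is
            # defined in this file).
            spec:
              description: Spec defines the desired state of Stage
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              description: Status defines the observed state of Stage
              type: object
              x-kubernetes-preserve-unknown-fields: true
          type: object
      served: true
      storage: true
      # Enables the /status subresource, so status is written separately from
      # the main object.
      subresources:
        status: {}
---
# Identity the manager pod runs as; all bindings below target this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-controller-manager
  namespace: ontime-operator
---
# Namespaced Role (ontime-operator namespace only) used for leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-leader-election-role
  namespace: ontime-operator
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# Permissions the controller itself runs with. This is a ClusterRole and the
# only binding for it in this file is a ClusterRoleBinding, so every rule here
# applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ontime-operator-manager-role
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  # NOTE(review): '*' on core secrets, cluster-wide, lets the manager's service
  # account read and modify every Secret in the cluster, including those of
  # unrelated workloads. Prefer an explicit verb list limited to what the
  # controller calls and, if Stages only live in known namespaces, a
  # per-namespace Role/RoleBinding; confirm against the controller code.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages
      - stages/status
      - stages/finalizers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # NOTE(review): the three wildcard rules below give full control of
  # Services, PVCs, Deployments and Ingresses in every namespace. '*' also
  # covers any verb added to these resources later; an enumerated verb list
  # keeps the grant reviewable.
  - apiGroups:
      - ""
    resources:
      - services
      - persistentvolumeclaims
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - '*'
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - '*'
---
# Lets the holder create TokenReviews and SubjectAccessReviews; bound to the
# manager below, presumably so it can authenticate and authorize callers of
# its metrics endpoint.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ontime-operator-metrics-auth-role
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
---
# Grants GET on the /metrics non-resource URL. No binding for this role is
# defined in this file; a scraper's identity has to be bound to it separately.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ontime-operator-metrics-reader
rules:
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
---
# The three stage-*-role ClusterRoles are for humans/automation working with
# Stage objects; none of them is bound to a subject in this file.
#
# NOTE(review): Stage.spec is unvalidated (see the CRD) and the controller
# acts with ontime-operator-manager-role, so whoever may create or edit a
# Stage can steer a component holding cluster-wide rights. What the controller
# does with spec is not visible here; treat admin/editor grants accordingly.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-stage-admin-role
rules:
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages
    verbs:
      - '*'
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-stage-editor-role
rules:
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-stage-viewer-role
rules:
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - cloud.getontime.no
    resources:
      - stages/status
    verbs:
      - get
---
# Binds the leader-election Role to the manager, in its own namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-leader-election-rolebinding
  namespace: ontime-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ontime-operator-leader-election-role
subjects:
  - kind: ServiceAccount
    name: ontime-operator-controller-manager
    namespace: ontime-operator
---
# Cluster-wide binding: this is what makes the manager-role rules (including
# the secrets wildcard) apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
  name: ontime-operator-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ontime-operator-manager-role
subjects:
  - kind: ServiceAccount
    name: ontime-operator-controller-manager
    namespace: ontime-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ontime-operator-metrics-auth-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ontime-operator-metrics-auth-role
subjects:
  - kind: ServiceAccount
    name: ontime-operator-controller-manager
    namespace: ontime-operator
---
# Exposes the manager's metrics port (8443, named https) inside the cluster.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
    control-plane: controller-manager
  name: ontime-operator-controller-manager-metrics-service
  namespace: ontime-operator
spec:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: 8443
  selector:
    app.kubernetes.io/name: ontime-operator
    control-plane: controller-manager
---
# The controller manager: a single replica with leader election enabled.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: ontime-operator
    control-plane: controller-manager
  name: ontime-operator-controller-manager
  namespace: ontime-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ontime-operator
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        app.kubernetes.io/name: ontime-operator
        control-plane: controller-manager
    spec:
      containers:
        # Metrics on :8443, health probes on :8081. The --metrics-secure and
        # --metrics-require-rbac flags presumably turn on TLS and the
        # TokenReview/SubjectAccessReview checks; their handling is in the
        # operator binary, not in this file.
        - args:
            - --metrics-require-rbac
            - --metrics-secure
            - --metrics-bind-address=:8443
            - --leader-elect
            - --leader-election-id=ontime-operator
            - --health-probe-bind-address=:8081
          # NOTE(review): ':latest' is a mutable tag, so the code that runs
          # with the cluster-wide role above can change without any change to
          # this manifest. Pin a release tag or an image digest.
          image: git.jwetzell.com/jwetzell/ontime-operator:latest
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          ports: []
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          # NOTE(review): readOnlyRootFilesystem is not set; if the manager
          # does not write to its root filesystem, enabling it is a cheap
          # extra restriction. Confirm against the binary first.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts: []
      # Pod-level hardening: refuse to start as root, default seccomp filter.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: ontime-operator-controller-manager
      terminationGracePeriodSeconds: 10
      volumes: []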