Merge pull request #18 from cfryanr/fix_deploy_errors
Fix deploy errors
This commit is contained in:
commit
7cac20fc89
19
Dockerfile
19
Dockerfile
@ -1,4 +1,23 @@
|
|||||||
FROM golang:1.14-alpine as build-env
|
FROM golang:1.14-alpine as build-env
|
||||||
|
|
||||||
|
# It is important that these ARG's are defined after the FROM statement
|
||||||
|
ARG ACCESS_TOKEN_USR="nothing"
|
||||||
|
ARG ACCESS_TOKEN_PWD="nothing"
|
||||||
|
|
||||||
|
# git is required to fetch go dependencies
|
||||||
|
RUN apk add --no-cache ca-certificates git
|
||||||
|
|
||||||
|
# Create a netrc file using the credentials specified using --build-arg
|
||||||
|
RUN printf "machine github.com\n\
|
||||||
|
login ${ACCESS_TOKEN_USR}\n\
|
||||||
|
password ${ACCESS_TOKEN_PWD}\n\
|
||||||
|
\n\
|
||||||
|
machine api.github.com\n\
|
||||||
|
login ${ACCESS_TOKEN_USR}\n\
|
||||||
|
password ${ACCESS_TOKEN_PWD}\n"\
|
||||||
|
>> /root/.netrc
|
||||||
|
RUN chmod 600 /root/.netrc
|
||||||
|
|
||||||
RUN mkdir /work
|
RUN mkdir /work
|
||||||
RUN mkdir /work/out
|
RUN mkdir /work/out
|
||||||
WORKDIR /work
|
WORKDIR /work
|
||||||
|
@ -9,6 +9,12 @@ metadata:
|
|||||||
name: #@ data.values.namespace
|
name: #@ data.values.namespace
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: #@ data.values.app_name + "-service-account"
|
||||||
|
namespace: #@ data.values.namespace
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: #@ data.values.app_name + "-config"
|
name: #@ data.values.app_name + "-config"
|
||||||
@ -39,6 +45,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: #@ data.values.app_name
|
app: #@ data.values.app_name
|
||||||
spec:
|
spec:
|
||||||
|
serviceAccountName: #@ data.values.app_name + "-service-account"
|
||||||
containers:
|
containers:
|
||||||
- name: placeholder-name
|
- name: placeholder-name
|
||||||
#@ if data.values.image_digest:
|
#@ if data.values.image_digest:
|
||||||
@ -49,18 +56,18 @@ spec:
|
|||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- ./app
|
- ./app
|
||||||
|
args:
|
||||||
- --config=/etc/config/placeholder-config.yaml
|
- --config=/etc/config/placeholder-config.yaml
|
||||||
- --downward-api-path=/etc/podinfo
|
- --downward-api-path=/etc/podinfo
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
mountPath: /etc/config
|
mountPath: /etc/config
|
||||||
|
- name: podinfo
|
||||||
|
mountPath: /etc/podinfo
|
||||||
volumes:
|
volumes:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
configMap:
|
configMap:
|
||||||
name: #@ data.values.app_name + "-config"
|
name: #@ data.values.app_name + "-config"
|
||||||
- name: podinfo
|
|
||||||
mountPath: /etc/podinfo
|
|
||||||
volumes:
|
|
||||||
- name: podinfo
|
- name: podinfo
|
||||||
downwardAPI:
|
downwardAPI:
|
||||||
items:
|
items:
|
||||||
|
51
deploy/rbac.yaml
Normal file
51
deploy/rbac.yaml
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
#@ load("@ytt:data", "data")
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: [namespaces]
|
||||||
|
verbs: [get, list, watch]
|
||||||
|
- apiGroups: [apiregistration.k8s.io]
|
||||||
|
resources: [apiservices]
|
||||||
|
verbs: [create, get, list, patch, update, watch]
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role-binding"
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: #@ data.values.app_name + "-service-account"
|
||||||
|
namespace: #@ data.values.namespace
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: #@ data.values.app_name + "-aggregated-api-server-role"
|
||||||
|
namespace: #@ data.values.namespace
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: [services]
|
||||||
|
verbs: [create, get, list, patch, update, watch]
|
||||||
|
---
|
||||||
|
kind: RoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: #@ data.values.app_name + "-aggregated-api-server-role-binding"
|
||||||
|
namespace: #@ data.values.namespace
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: #@ data.values.app_name + "-service-account"
|
||||||
|
namespace: #@ data.values.namespace
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: #@ data.values.app_name + "-aggregated-api-server-role"
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
@ -64,8 +64,8 @@ func Setup(ctx context.Context, options SetupOptions) error {
|
|||||||
Port: &svc.Spec.Ports[0].Port,
|
Port: &svc.Spec.Ports[0].Port,
|
||||||
}
|
}
|
||||||
apiSvc.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{
|
apiSvc.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{
|
||||||
APIVersion: ns.APIVersion,
|
APIVersion: "v1", // TODO why did we need to hardcode this to avoid errors? was ns.APIVersion
|
||||||
Kind: ns.Kind,
|
Kind: "Namespace", // TODO why did we need to hardcode this to avoid errors? was ns.Kind
|
||||||
UID: ns.UID,
|
UID: ns.UID,
|
||||||
Name: ns.Name,
|
Name: ns.Name,
|
||||||
}}
|
}}
|
||||||
|
Loading…
Reference in New Issue
Block a user