flux.yaml
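---
# Identity the Flux daemon pod runs as (serviceAccountName: flux in the
# Deployment in this file).
# SECURITY: the ClusterRoleBinding named "flux" binds this account to a
# wildcard ClusterRole, so its token carries cluster-wide access. Treat the
# token like a cluster-admin credential and keep it out of other workloads.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/name: flux
  name: flux
  namespace: backend-dev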
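---
# Permissions granted to the flux service account.
# SECURITY: every verb on every resource in every API group, plus every
# non-resource URL, is equivalent to cluster-admin. Flux applies whatever
# manifests it finds in the tracked git path, which is why the grant is this
# broad, but it also means that a compromise of the Flux pod, of its token, or
# of the tracked git branch is a compromise of the whole cluster.
# Where the set of synced manifests is known, narrow these rules to the API
# groups and resources Flux really manages, and audit API calls made with this
# service account from anywhere other than the Flux pod.
kind: ClusterRole
# rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22
# onwards; v1 accepts the same fields for this object.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flux
  labels:
    app.kubernetes.io/name: flux
rules:
  - apiGroups: ['*']
    resources: ['*']
    verbs: ['*']
  - nonResourceURLs: ['*']
    verbs: ['*']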
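---
# Binds the "flux" ClusterRole to the flux service account in backend-dev.
# SECURITY: a ClusterRoleBinding is cluster-scoped, so the role's rules apply
# in every namespace, not only in backend-dev. If Flux only needs to manage a
# few namespaces, per-namespace RoleBindings limit the blast radius.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22
# onwards; v1 accepts the same fields for this object.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flux
  labels:
    app.kubernetes.io/name: flux
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flux
subjects:
  - kind: ServiceAccount
    name: flux
    namespace: backend-dev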
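---
# Flux daemon: clones the git repository named in args and applies the
# manifests under --git-path to the cluster, using the flux service account.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
  namespace: backend-dev
spec:
  # Single replica with Recreate: the old pod is stopped before the new one
  # starts, so two Flux daemons never sync at the same time.
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: flux
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        prometheus.io/port: "3031"
      labels:
        app.kubernetes.io/name: flux
    spec:
      nodeSelector:
        kubernetes.io/os: linux
        agentpool: npuser01
      # SECURITY: this account is bound to a wildcard ClusterRole in this
      # file, so the token mounted into this pod has cluster-wide access.
      serviceAccountName: flux
      volumes:
        - name: git-key
          secret:
            secretName: flux-git-deploy
      containers:
        - name: flux
          # PRODUCTION READINESS CHANGE REQUIRED
          # This image should be sourced from a non-public container registry,
          # such as the one deployed alongside this reference implementation.
          # az acr import --source docker.io/fluxcd/flux:1.19.0 -n <your-acr-instance-name>
          # and then set this to
          # image: <your-acr-instance-name>.azurecr.io/fluxcd/flux:1.19.0
          #
          # SECURITY: a tag can be repointed at the registry. Pinning by
          # digest (image: <registry>/fluxcd/flux@sha256:<digest>) makes the
          # deployed bits immutable.
          # NOTE(review): fluxcd/flux (Flux v1) is no longer maintained
          # upstream; plan the migration to Flux v2 so this privileged
          # component keeps receiving fixes.
          image: docker.io/fluxcd/flux:1.19.0
          imagePullPolicy: IfNotPresent
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            # create folder in the root fs when cloning repos
            readOnlyRootFilesystem: false
            # access to root folder like /.kube/config
            # SECURITY: with runAsNonRoot disabled the container may run as
            # uid 0; the dropped capabilities and allowPrivilegeEscalation
            # above are what limit it.
            runAsNonRoot: false
          volumeMounts:
            - name: git-key
              mountPath: /etc/fluxd/ssh
              readOnly: true
          # Only requests are set; without limits the container can consume
          # node memory and CPU beyond these values.
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
          ports:
            - containerPort: 3030
          # No Service in this file exposes port 3030, so the Flux API is only
          # reachable on the pod IP. Keep it that way.
          # NOTE(review): the fluxd HTTP API is believed to have no
          # authentication of its own; confirm before exposing it.
          livenessProbe:
            httpGet:
              port: 3030
              path: /api/flux/v6/identity.pub
            initialDelaySeconds: 5
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              port: 3030
              path: /api/flux/v6/identity.pub
            initialDelaySeconds: 5
            timeoutSeconds: 5
          args:
            # SECURITY: whatever is committed under cluster-baseline-settings
            # on the main branch of this repository is applied with the flux
            # service account's permissions, so write access to that branch is
            # cluster-level access. Confirm this is the repository you intend
            # to trust, protect the branch (required reviews, restricted
            # push), and consider commit signature verification.
            # NOTE(review): fluxd documents a --git-verify-signatures option;
            # confirm it is available in this version before relying on it.
            - --git-url=https://github.com/arunkollan/dronehem.git
            - --git-branch=main
            - --git-path=cluster-baseline-settings
            # This configuration prevents flux from syncing changes from your
            # cluster to the git repo. If two way sync is required, please
            # take a look at
            # https://docs.fluxcd.io/en/1.19.0/tutorials/get-started/#giving-write-access
            - --git-readonly
            # Sync progress is recorded on a Kubernetes Secret rather than as
            # a tag pushed to the git repository.
            - --sync-state=secret
            - --listen-metrics=:3031
            - --git-timeout=5m
            - --registry-disable-scanning=true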
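---
# This secret is ok to be initialized as empty since Flux annotates the
# Kubernetes Secret object with flux.weave.works/sync-hwm: <commit-sha>
# as a way to store the latest commit applied to the cluster and later on
# compares against it to confirm whether the cluster is in sync or not.
#
# The same Secret is mounted read-only into the Flux container at
# /etc/fluxd/ssh (volume "git-key" in the flux Deployment). If a deploy key is
# ever stored here, create it out of band; do not commit key material to this
# manifest.
apiVersion: v1
kind: Secret
metadata:
  name: flux-git-deploy
  namespace: backend-dev
type: Opaque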
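---
# Memcached instance deployed next to Flux in backend-dev.
# NOTE(review): Flux uses memcached as its image-registry metadata cache, and
# the flux Deployment in this file passes --registry-disable-scanning=true.
# If nothing else reads this cache, removing the Deployment and its Service
# takes an unauthenticated network service out of the namespace; confirm.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: memcached
  namespace: backend-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: memcached
  template:
    metadata:
      labels:
        app.kubernetes.io/name: memcached
    spec:
      nodeSelector:
        kubernetes.io/os: linux
        agentpool: npuser01
      containers:
        - name: memcached
          # PRODUCTION READINESS CHANGE REQUIRED
          # This image should be sourced from a non-public container registry,
          # such as the one deployed alongside this reference implementation.
          # az acr import --source docker.io/library/memcached:1.5.20 -n <your-acr-instance-name>
          # and then set this to
          # image: <your-acr-instance-name>.azurecr.io/library/memcached:1.5.20
          image: library/memcached:1.5.20
          imagePullPolicy: IfNotPresent
          # Only a memory request is set; there are no limits on this container.
          resources:
            requests:
              memory: 512Mi
          args:
            - -m 512
            - -I 5m  # Maximum size for one item
            - -p 11211  # Default port
            # - -vv  # Uncomment to get logs of each request and response.
          ports:
            - name: clients
              containerPort: 11211
          securityContext:
            runAsUser: 11211
            runAsGroup: 11211
            # The uid above is already non-zero; this makes the kubelet refuse
            # to start the container if that ever changes.
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            # Memcached listens on an unprivileged port and needs no Linux
            # capabilities; matches the flux container in this file.
            capabilities:
              drop:
                - ALL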
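---
# In-cluster Service for the memcached Deployment (port 11211).
# SECURITY: the memcached args in this file configure no authentication, and
# no NetworkPolicy is defined here, so unless a policy elsewhere restricts it,
# any pod that can reach this Service can read and write the cache. A
# NetworkPolicy that allows ingress on 11211 only from pods labelled
# app.kubernetes.io/name: flux closes that gap.
apiVersion: v1
kind: Service
metadata:
  name: memcached
  namespace: backend-dev
spec:
  ports:
    - name: memcached
      port: 11211
  selector:
    app.kubernetes.io/name: memcached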