Newer
Older
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
- apiGroups:
- helm.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- notification.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- image.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
subjects:
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system
- kind: ServiceAccount
name: source-controller
namespace: flux-system
- kind: ServiceAccount
name: notification-controller
namespace: flux-system
- kind: ServiceAccount
name: image-reflector-controller
namespace: flux-system
- kind: ServiceAccount
name: image-automation-controller
namespace: flux-system
kind: Service
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: notification-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: notification-controller
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: source-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: source-controller
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: webhook-receiver
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http-webhook
selector:
app: notification-controller
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: helm-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: helm-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: helm-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: helm-controller
terminationGracePeriodSeconds: 600
volumes:
- emptyDir: {}
name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
matchLabels:
app: kustomize-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: kustomize-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
securityContext:
fsGroup: 1337
serviceAccountName: kustomize-controller
terminationGracePeriodSeconds: 60
volumes:
- emptyDir: {}
name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: notification-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: notification-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: notification-controller
spec:
containers:
- args:
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/notification-controller:v0.24.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
name: manager
ports:
- containerPort: 9090
name: http
- containerPort: 9292
name: http-webhook
- containerPort: 8080
name: http-prom
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: source-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: source-controller
strategy:
type: Recreate
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: source-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --log-level=info
- --log-encoding=json
- --enable-leader-election
- --storage-path=/data
- --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9090
name: http
readinessProbe:
httpGet:
path: /
port: http
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 50m
memory: 64Mi
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
securityContext:
fsGroup: 1337
serviceAccountName: source-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
namespace: flux-system
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 8080
protocol: TCP
podSelector: {}
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
namespace: flux-system
spec:
ingress:
- from:
- namespaceSelector: {}
podSelector:
matchLabels:
app: notification-controller