diff --git a/keel/README.md b/keel/README.md deleted file mode 100644 index 35d1e1c..0000000 --- a/keel/README.md +++ /dev/null @@ -1,10 +0,0 @@ -To generate secrets and to deploy: - -``` -kubectl create secret generic -n $(basename $(pwd)) application-secrets \ - --from-literal=BASIC_AUTH_PASSWORD=$(cat /dev/urandom | base64 | head -c 30) \ - --from-literal=MAIL_SMTP_PASS=... \ - --from-literal=SLACK_TOKEN=... -kubectl apply -n keel -f application.yml -kubectl -n keel rollout restart deployment.apps/keel -``` diff --git a/keel/application.yml b/keel/application.yml deleted file mode 100644 index a28df13..0000000 --- a/keel/application.yml +++ /dev/null @@ -1,176 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: keel - namespace: keel - labels: - app: keel ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: keel -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - watch - - list - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - watch - - list - - apiGroups: - - "" - - extensions - - apps - - batch - resources: - - pods - - replicasets - - replicationcontrollers - - statefulsets - - deployments - - daemonsets - - jobs - - cronjobs - verbs: - - get - - delete # required to delete pods during force upgrade of the same tag - - watch - - list - - update - - apiGroups: - - "" - resources: - - configmaps - - pods/portforward - verbs: - - get - - create - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: keel -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: keel -subjects: - - kind: ServiceAccount - name: keel - namespace: keel ---- -apiVersion: v1 -kind: Service -metadata: - name: keel - namespace: keel - labels: - app: keel -spec: - type: ClusterIP - ports: - - port: 9300 - targetPort: 9300 - protocol: TCP - name: keel - selector: - app: keel ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: keel - labels: - app: keel - annotations: - keel.sh/policy: force - keel.sh/trigger: poll - keel.sh/pollSchedule: "@midnight" -spec: - replicas: 1 - serviceName: keel - selector: - matchLabels: - app: keel - template: - metadata: - labels: - app: keel - spec: - serviceAccountName: keel - containers: - - name: keel - image: keelhq/keel:latest - imagePullPolicy: Always - command: ["/bin/keel"] - volumeMounts: - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POLL - value: "true" - - name: HELM_PROVIDER - value: "false" - - name: TILLER_NAMESPACE - value: "kube-system" - - name: TILLER_ADDRESS - value: "tiller-deploy:44134" - - name: NOTIFICATION_LEVEL - value: "info" - - name: BASIC_AUTH_USER - value: admin - - name: SLACK_CHANNELS - value: kube-prod - - name: SLACK_BOT_NAME - value: keel.k-space.ee - envFrom: - - secretRef: - name: application-secrets - ports: - - containerPort: 9300 - livenessProbe: - httpGet: - path: /healthz - port: 9300 - initialDelaySeconds: 30 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: /healthz - port: 9300 - initialDelaySeconds: 30 - timeoutSeconds: 10 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - - volumeMounts: - - name: keel-data - mountPath: /data - volumeClaimTemplates: - - metadata: - name: keel-data - spec: - storageClassName: longhorn - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi