azure-policy-deploy.yaml
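{{- /*
Renders the azure-policy Secret and Deployment only when none of the four
credential values still equals its "<your_...>" placeholder string.
NOTE(review): the guard compares against the placeholders only; it does not
check that the values are non-empty or well-formed.
*/ -}}
{{- if and (ne .Values.azurepolicy.env.resourceid "<your_resource_id>") (ne .Values.azurepolicy.env.tenantid "<your_tenant_id>") (ne .Values.azurepolicy.env.clientid "<your_client_id>") (ne .Values.azurepolicy.env.clientsecret "<your_client_secret>") }}
# Service-principal client secret consumed by the Deployment below.
# NOTE(review): the secret is supplied through chart values, so it is also
# kept wherever those values live (values files, CI variables, Helm release
# storage). Referencing a pre-created Secret or an external secret store
# would keep it out of the chart inputs.
apiVersion: v1
kind: Secret
metadata:
  name: azure-policy
  namespace: kube-system
type: Opaque
data:
  # Secret "data" values must be base64; quoting keeps the result a string.
  client-secret: {{ .Values.azurepolicy.env.clientsecret | b64enc | quote }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: azure-policy
  name: azure-policy
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: azure-policy
  template:
    metadata:
      labels:
        app: azure-policy
      name: azure-policy
    spec:
      # NOTE(review): the ServiceAccount and its RBAC bindings are defined
      # outside this template; confirm they grant only what this pod needs,
      # since it runs in kube-system.
      serviceAccountName: azure-policy
      containers:
        - name: azure-policy
          # Quoted so an unusual name or tag cannot change the YAML structure.
          # NOTE(review): with a mutable tag and imagePullPolicy Always, the
          # image that runs can change between pod restarts; pinning by
          # digest makes the deployed image reproducible.
          image: "{{ .Values.azurepolicy.image.name }}:{{ .Values.azurepolicy.image.tag }}"
          # NOTE(review): no securityContext is set here. Consider
          # runAsNonRoot, allowPrivilegeEscalation: false,
          # readOnlyRootFilesystem and dropping capabilities once confirmed
          # that the image works under those restrictions.
          resources:
            requests:
              cpu: 30m
              memory: 50Mi
            limits:
              cpu: 100m
              memory: 200Mi
          imagePullPolicy: Always
          env:
            - name: K8S_POLICY_PREFIX
              value: azurepolicy
            # Templated env values are quoted: Kubernetes requires env
            # "value" to be a string, and an unquoted expansion that is empty
            # or looks like a number/boolean would be typed otherwise.
            - name: RESOURCE_ID
              value: {{ .Values.azurepolicy.env.resourceid | quote }}
            - name: RESOURCE_TYPE
              value: Microsoft.Kubernetes/connectedClusters
            - name: CLIENT_ID
              value: {{ .Values.azurepolicy.env.clientid | quote }}
            - name: TENANT_ID
              value: {{ .Values.azurepolicy.env.tenantid | quote }}
            - name: DATAPLANE_ENDPOINT
              value: https://gov-prod-policy-data.trafficmanager.net
            # Read from the Secret above rather than inlined in the pod spec.
            # As an env var it is still visible to anything that can inspect
            # the container's environment; a mounted file is the alternative.
            - name: CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: azure-policy
                  key: client-secret
            # Downward API: the pod's own name and namespace.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CURRENT_IMAGE
              value: "{{ .Values.azurepolicy.image.name }}:{{ .Values.azurepolicy.image.tag }}"
{{- end }}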