-
Notifications
You must be signed in to change notification settings - Fork 147
/
kustomization.yaml
134 lines (132 loc) · 3.54 KB
/
kustomization.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# start with a default flux deployment
resources:
- gotk-components.yaml
# update flux components to use ironbank images
images:
- name: ghcr.io/fluxcd/helm-controller
newName: registry1.dso.mil/ironbank/fluxcd/helm-controller
newTag: v0.11.0
- name: ghcr.io/fluxcd/kustomize-controller
newName: registry1.dso.mil/ironbank/fluxcd/kustomize-controller
newTag: v0.13.0
- name: ghcr.io/fluxcd/notification-controller
newName: registry1.dso.mil/ironbank/fluxcd/notification-controller
newTag: v0.15.0
- name: ghcr.io/fluxcd/source-controller
newName: registry1.dso.mil/ironbank/fluxcd/source-controller
newTag: v0.14.0
patches:
- target:
kind: Deployment
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: whatever
spec:
template:
metadata:
annotations:
# Required by Kubernetes node autoscaler
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
imagePullSecrets:
- name: private-registry
terminationGracePeriodSeconds: 60
# Required by Pod Security Policy
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: manager
# Required by Pod Security Policy
securityContext:
runAsUser: 1000
runAsGroup: 1000
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
- target:
kind: Deployment
name: helm-controller
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: helm-controller
spec:
template:
spec:
containers:
- name: manager
resources:
limits:
cpu: 500m
memory: 750Mi
requests:
cpu: 500m
memory: 750Mi
- target:
kind: Deployment
name: kustomize-controller
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: kustomize-controller
spec:
template:
spec:
containers:
- name: manager
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
- target:
kind: Deployment
name: notification-controller
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-controller
spec:
template:
spec:
containers:
- name: manager
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
- target:
kind: Deployment
name: source-controller
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: source-controller
spec:
template:
spec:
containers:
- name: manager
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 150Mi