--- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: my-sa helm.sh/chart: elcicd-chart-0.1.0 name: my-sa namespace: my-pvc-test --- apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: my-data-1 helm.sh/chart: elcicd-chart-0.1.0 name: my-data-1 namespace: my-pvc-test spec: accessModes: - ReadWriteMany resources: requests: storage: 10M --- apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: my-data-2 helm.sh/chart: elcicd-chart-0.1.0 name: my-data-2 namespace: my-pvc-test spec: accessModes: - ReadWriteMany resources: requests: storage: 10M --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: my-sa-admin helm.sh/chart: elcicd-chart-0.1.0 name: my-sa-admin namespace: my-pvc-test roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: my-sa namespace: my-pvc-test --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: read-write helm.sh/chart: elcicd-chart-0.1.0 name: read-write namespace: my-pvc-test spec: selector: elcicd.io/selector: read-write ports: - name: read-write-port port: 8080 protocol: TCP --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: read-only helm.sh/chart: elcicd-chart-0.1.0 name: read-only namespace: my-pvc-test spec: selector: elcicd.io/selector: read-only ports: - name: read-only-port port: 8080 protocol: TCP --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: read-write helm.sh/chart: elcicd-chart-0.1.0 name: read-write namespace: my-pvc-test spec: revisionHistoryLimit: 0 selector: matchExpressions: - key: elcicd.io/selector operator: Exists matchLabels: elcicd.io/selector: read-write template: metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: read-write helm.sh/chart: elcicd-chart-0.1.0 name: read-write namespace: my-pvc-test spec: containers: - name: read-write image: bash imagePullPolicy: Always ports: - name: default-port containerPort: 8080 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL args: - sleep 100000000; command: - bash - -c volumeMounts: - mountPath: /var/lib/jenkins name: my-data-1 securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - name: my-data-1 persistentVolumeClaim: claimName: my-data-1 --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: read-only helm.sh/chart: elcicd-chart-0.1.0 name: read-only namespace: my-pvc-test spec: revisionHistoryLimit: 0 selector: matchExpressions: - key: elcicd.io/selector operator: Exists matchLabels: elcicd.io/selector: read-only template: metadata: labels: app.kubernetes.io/instance: elcicd-chart-demo app.kubernetes.io/managed-by: Helm elcicd.io/selector: read-only helm.sh/chart: elcicd-chart-0.1.0 name: read-only namespace: my-pvc-test spec: containers: - name: read-only image: bash imagePullPolicy: Always ports: - name: default-port containerPort: 8080 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL args: - sleep 100000000; command: - bash - -c volumeMounts: - mountPath: /var/lib/jenkins name: my-data-2 securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccountName: "my-sa" volumes: - name: my-data-2 persistentVolumeClaim: claimName: my-data-2 ---