Created
August 5, 2020 15:37
Complete PSP enabled deployment of cheese (with cert-manager hooks)
---
# Namespace that holds every cheese Deployment, Service and Ingress in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: cheese
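---
# Pod security policy for the cheese workloads.
#
# PodSecurityPolicy is cluster-scoped, so it takes no metadata.namespace; which
# pods it applies to is decided solely by who is granted the "use" verb on it.
# NOTE: policy/v1beta1 PodSecurityPolicy was deprecated in Kubernetes 1.21 and
# removed in 1.25; newer clusters need Pod Security Admission or an equivalent
# admission controller instead.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: no-privilege
spec:
  privileged: false
  # Blocks setuid binaries and file capabilities from raising privileges after
  # the container starts. NOTE(review): an image that depends on either will
  # fail to start under this policy; confirm against the images deployed below.
  allowPrivilegeEscalation: false
  # Host namespaces default to false when omitted; stated here so the intent
  # is visible to whoever reads the policy.
  hostNetwork: false
  hostIPC: false
  hostPID: false
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  # RunAsAny still admits UID 0. The pods in this file set no runAsUser and
  # listen on port 80; whether their images work as non-root is not visible
  # here, so MustRunAsNonRoot is left as a follow-up once that is confirmed.
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # An explicit allow-list instead of '*': the wildcard also admits hostPath,
  # which exposes the node's filesystem to any pod admitted under this policy.
  # None of the workloads in this file declare volumes of their own.
  volumes:
  - configMap
  - secret
  - emptyDir
  - projected
  - downwardAPI
  - persistentVolumeClaim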
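---
# Permission to "use" the no-privilege PodSecurityPolicy, and nothing else.
# ClusterRole is cluster-scoped, so it carries no metadata.namespace; the scope
# of the grant is set by the binding that references this role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: no-privilege:no-privilege
rules:
- apiGroups:
  - policy
  resources:
  - podsecuritypolicies
  # resourceNames limits the grant to this single policy rather than every PSP.
  resourceNames:
  - no-privilege
  verbs:
  - use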
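---
# Grants use of the no-privilege policy inside the cheese namespace only.
#
# This was a ClusterRoleBinding to system:authenticated. A ClusterRoleBinding is
# cluster-scoped (its metadata.namespace has no effect), so that form let every
# authenticated user and service account in every namespace run pods under this
# policy. A namespaced RoleBinding that references the ClusterRole confines the
# grant to pods created in "cheese", and the subject is narrowed to that
# namespace's service accounts, which is what Deployment-created pods run as.
# If the earlier ClusterRoleBinding was already applied, delete it separately;
# applying this manifest does not remove it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: no-privilege:no-privilege
  namespace: cheese
subjects:
- kind: Group
  name: system:serviceaccounts:cheese
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: no-privilege:no-privilege
  apiGroup: rbac.authorization.k8s.io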
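---
# Two replicas of the stilton demo web server, listening on container port 80.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: stilton
  namespace: cheese
  labels:
    app: cheese
    cheese: stilton
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: stilton
  template:
    metadata:
      labels:
        app: cheese
        task: stilton
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        # The tag is mutable; pinning the image by digest (image@sha256:...)
        # keeps a re-pushed tag from changing what the cluster runs.
        image: errm/cheese:stilton
        # Declared in the pod spec as well, so the restriction does not depend
        # only on which admission policy happens to admit the pod.
        # NOTE(review): fails if the image relies on setuid binaries or file
        # capabilities; confirm against the image.
        securityContext:
          allowPrivilegeEscalation: false
        # Requests equal limits for both CPU and memory.
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80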
---
# Cluster-internal Service for stilton: port 8080 forwards to port 80 on pods
# labelled app=cheese, task=stilton. No type is set, so the API default applies.
kind: Service
apiVersion: v1
metadata:
  namespace: cheese
  name: stilton
spec:
  ports:
  - port: 8080
    targetPort: 80
    protocol: TCP
  selector:
    task: stilton
    app: cheese
---
# Routes stilton.pks-dev.fatred.co.uk to the stilton Service on port 8080 and
# terminates TLS with the certificate stored in the stilton-tls secret.
#
# The cert-manager annotation asks cert-manager to obtain that certificate from
# a ClusterIssuer named "letsencrypt"; the issuer is not defined in this file
# and must already exist in the cluster.
# NOTE: extensions/v1beta1 Ingress was removed in Kubernetes 1.22. Moving to
# networking.k8s.io/v1 also changes the backend fields (service.name and
# service.port.number) and requires pathType on every path.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  namespace: cheese
  name: stilton
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
  - secretName: stilton-tls
    hosts:
    - stilton.pks-dev.fatred.co.uk
  rules:
  - host: stilton.pks-dev.fatred.co.uk
    http:
      paths:
      - path: /
        backend:
          serviceName: stilton
          servicePort: 8080
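---
# Two replicas of the cheddar demo web server, listening on container port 80.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cheddar
  namespace: cheese
  labels:
    app: cheese
    cheese: cheddar
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: cheddar
  template:
    metadata:
      labels:
        app: cheese
        task: cheddar
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        # The tag is mutable; pinning the image by digest (image@sha256:...)
        # keeps a re-pushed tag from changing what the cluster runs.
        image: errm/cheese:cheddar
        # Declared in the pod spec as well, so the restriction does not depend
        # only on which admission policy happens to admit the pod.
        # NOTE(review): fails if the image relies on setuid binaries or file
        # capabilities; confirm against the image.
        securityContext:
          allowPrivilegeEscalation: false
        # Requests equal limits for both CPU and memory.
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80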
---
# Cluster-internal Service for cheddar: port 8080 forwards to port 80 on pods
# labelled app=cheese, task=cheddar. No type is set, so the API default applies.
kind: Service
apiVersion: v1
metadata:
  namespace: cheese
  name: cheddar
spec:
  ports:
  - port: 8080
    targetPort: 80
    protocol: TCP
  selector:
    task: cheddar
    app: cheese
---
# Routes cheddar.pks-dev.fatred.co.uk to the cheddar Service on port 8080 and
# terminates TLS with the certificate stored in the cheddar-tls secret.
#
# The cert-manager annotation asks cert-manager to obtain that certificate from
# a ClusterIssuer named "letsencrypt"; the issuer is not defined in this file
# and must already exist in the cluster.
# NOTE: extensions/v1beta1 Ingress was removed in Kubernetes 1.22. Moving to
# networking.k8s.io/v1 also changes the backend fields (service.name and
# service.port.number) and requires pathType on every path.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  namespace: cheese
  name: cheddar
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
  - secretName: cheddar-tls
    hosts:
    - cheddar.pks-dev.fatred.co.uk
  rules:
  - host: cheddar.pks-dev.fatred.co.uk
    http:
      paths:
      - path: /
        backend:
          serviceName: cheddar
          servicePort: 8080
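---
# Two replicas of the wensleydale demo web server, listening on container port 80.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wensleydale
  namespace: cheese
  labels:
    app: cheese
    cheese: wensleydale
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: wensleydale
  template:
    metadata:
      labels:
        app: cheese
        task: wensleydale
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        # The tag is mutable; pinning the image by digest (image@sha256:...)
        # keeps a re-pushed tag from changing what the cluster runs.
        image: errm/cheese:wensleydale
        # Declared in the pod spec as well, so the restriction does not depend
        # only on which admission policy happens to admit the pod.
        # NOTE(review): fails if the image relies on setuid binaries or file
        # capabilities; confirm against the image.
        securityContext:
          allowPrivilegeEscalation: false
        # Requests equal limits for both CPU and memory.
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80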
---
# Cluster-internal Service for wensleydale: port 8080 forwards to port 80 on
# pods labelled app=cheese, task=wensleydale. No type is set, so the API
# default applies.
kind: Service
apiVersion: v1
metadata:
  namespace: cheese
  name: wensleydale
spec:
  ports:
  - port: 8080
    targetPort: 80
    protocol: TCP
  selector:
    task: wensleydale
    app: cheese
---
# Routes wensleydale.pks-dev.fatred.co.uk to the wensleydale Service on port
# 8080 and terminates TLS with the certificate stored in the wensleydale-tls
# secret.
#
# The cert-manager annotation asks cert-manager to obtain that certificate from
# a ClusterIssuer named "letsencrypt"; the issuer is not defined in this file
# and must already exist in the cluster.
# NOTE: extensions/v1beta1 Ingress was removed in Kubernetes 1.22. Moving to
# networking.k8s.io/v1 also changes the backend fields (service.name and
# service.port.number) and requires pathType on every path.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  namespace: cheese
  name: wensleydale
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
  - secretName: wensleydale-tls
    hosts:
    - wensleydale.pks-dev.fatred.co.uk
  rules:
  - host: wensleydale.pks-dev.fatred.co.uk
    http:
      paths:
      - path: /
        backend:
          serviceName: wensleydale
          servicePort: 8080