From 0f57f2c582c2babe6bbf999fbb0f6e94ae318068 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 25 Sep 2025 18:23:05 -0500 Subject: [PATCH] kubernetes: Add example manifests --- kubernetes/deployment.yaml | 50 +++++++++++++++++++++++ kubernetes/kustomization.yaml | 6 +++ kubernetes/rbac.yaml | 77 +++++++++++++++++++++++++++++++++++ 3 files changed, 133 insertions(+) create mode 100644 kubernetes/deployment.yaml create mode 100644 kubernetes/kustomization.yaml create mode 100644 kubernetes/rbac.yaml diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml new file mode 100644 index 0000000..0c0c03e --- /dev/null +++ b/kubernetes/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: k8s-reboot-coordinator + labels: + app.kubernetes.io/name: k8s-reboot-coordinator + app.kubernetes.io/component: k8s-reboot-coordinator + app.kubernetes.io/part-of: k8s-reboot-coordinator +spec: + selector: + matchLabels: + app.kubernetes.io/name: k8s-reboot-coordinator + app.kubernetes.io/component: k8s-reboot-coordinator + template: + metadata: + labels: + app.kubernetes.io/name: k8s-reboot-coordinator + app.kubernetes.io/component: k8s-reboot-coordinator + app.kubernetes.io/part-of: k8s-reboot-coordinator + spec: + containers: + - name: k8s-reboot-coordinator + image: k8s-reboot-coordinator + ports: + - name: http + containerPort: 8000 + env: + - name: RUST_LOG + value: info + - name: ROCKET_ADDRESS + value: 0.0.0.0 + startupProbe: + httpGet: + path: /healthz + port: http + periodSeconds: 1 + failureThreshold: 30 + readinessProbe: + httpGet: + path: /healthz + port: http + periodSeconds: 600 + failureThreshold: 3 + securityContext: + readOnlyRootFilesystem: true + securityContext: + runAsUser: 15473 + runAsGroup: 15473 + runAsNonRoot: true + serviceAccountName: k8s-reboot-coordinator diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml new file mode 100644 index 0000000..26c8872 --- /dev/null +++ b/kubernetes/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- rbac.yaml +- deployment.yaml diff --git a/kubernetes/rbac.yaml b/kubernetes/rbac.yaml new file mode 100644 index 0000000..459dbe2 --- /dev/null +++ b/kubernetes/rbac.yaml @@ -0,0 +1,77 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: k8s-reboot-coordinator + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: k8s-reboot-coordinator +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - patch + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: k8s-reboot-coordinator +rules: +- apiGroups: + - '' + resources: + - nodes + verbs: + - get + - list + - patch +- apiGroups: + - '' + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - pods/eviction + verbs: + - create + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: k8s-reboot-coordinator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: k8s-reboot-coordinator +subjects: +- kind: ServiceAccount + name: k8s-reboot-coordinator + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: k8s-reboot-coordinator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: k8s-reboot-coordinator +subjects: +- kind: ServiceAccount + name: k8s-reboot-coordinator + namespace: default