kubernetes: Add example manifests

kubernetes/deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: k8s-reboot-coordinator
+  labels:
+    app.kubernetes.io/name: k8s-reboot-coordinator
+    app.kubernetes.io/component: k8s-reboot-coordinator
+    app.kubernetes.io/part-of: k8s-reboot-coordinator
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: k8s-reboot-coordinator
+      app.kubernetes.io/component: k8s-reboot-coordinator
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: k8s-reboot-coordinator
+        app.kubernetes.io/component: k8s-reboot-coordinator
+        app.kubernetes.io/part-of: k8s-reboot-coordinator
+    spec:
+      containers:
+      - name: k8s-reboot-coordinator
+        image: k8s-reboot-coordinator
+        ports:
+        - name: http
+          containerPort: 8000
+        env:
+        - name: RUST_LOG
+          value: info
+        - name: ROCKET_ADDRESS
+          value: 0.0.0.0
+        startupProbe:
+          httpGet:
+            path: /healthz
+            port: http
+          periodSeconds: 1
+          failureThreshold: 30
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+          periodSeconds: 600
+          failureThreshold: 3
+        securityContext:
+          readOnlyRootFilesystem: true
+      securityContext:
+        runAsUser: 15473
+        runAsGroup: 15473
+        runAsNonRoot: true
+      serviceAccountName: k8s-reboot-coordinator

kubernetes/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- rbac.yaml
+- deployment.yaml

kubernetes/rbac.yaml

@@ -0,0 +1,77 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: k8s-reboot-coordinator
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: k8s-reboot-coordinator
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: k8s-reboot-coordinator
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - pods/eviction
+  verbs:
+  - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: k8s-reboot-coordinator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: k8s-reboot-coordinator
+subjects:
+- kind: ServiceAccount
+  name: k8s-reboot-coordinator
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k8s-reboot-coordinator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k8s-reboot-coordinator
+subjects:
+- kind: ServiceAccount
+  name: k8s-reboot-coordinator
+  namespace: default