From 0c05feb150cbc98c30133daf31968ed79ebaae5f Mon Sep 17 00:00:00 2001 From: Michael O'Brien Date: Thu, 12 Dec 2024 11:48:29 -0500 Subject: [PATCH] #6 - add reloader --- src/kubernetes/eks/deployment.sh | 4 + src/kubernetes/eks/reloader.yaml | 143 +++++++++++++++++++++++++++++++ 2 files changed, 147 insertions(+) create mode 100644 src/kubernetes/eks/reloader.yaml diff --git a/src/kubernetes/eks/deployment.sh b/src/kubernetes/eks/deployment.sh index d31939d..7b8aae9 100755 --- a/src/kubernetes/eks/deployment.sh +++ b/src/kubernetes/eks/deployment.sh @@ -78,11 +78,15 @@ undeployCertManager() { } deployReloader() { + # from https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/reloader.yaml + # https://github.com/ObrienlabsDev/pipeline/issues/6 echo "Deploy reloader" + kubectl apply -f reloader.yaml } undeployReloader() { echo "unDeploy reloader" + kubectl delete -f reloader.yaml } deployApps() { diff --git a/src/kubernetes/eks/reloader.yaml b/src/kubernetes/eks/reloader.yaml new file mode 100644 index 0000000..986cdb4 --- /dev/null +++ b/src/kubernetes/eks/reloader.yaml @@ -0,0 +1,143 @@ +# from 20241212 https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/reloader.yaml +# see https://github.com/ObrienlabsDev/pipeline/issues/6 +apiVersion: v1 +kind: ServiceAccount +metadata: + name: reloader-reloader + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: reloader-reloader-role +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - list + - get + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - extensions + resources: + - deployments + - daemonsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - list + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: reloader-reloader-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: reloader-reloader-role +subjects: +- kind: ServiceAccount + name: reloader-reloader + namespace: default +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: reloader-reloader + namespace: default +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app: reloader-reloader + template: + metadata: + labels: + app: reloader-reloader + spec: + containers: + - env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + image: "ghcr.io/stakater/reloader:latest" + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /live + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: reloader-reloader + ports: + - containerPort: 9090 + name: http + readinessProbe: + failureThreshold: 5 + httpGet: + path: /metrics + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 10m + memory: 512Mi + securityContext: {} + securityContext: + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + serviceAccountName: reloader-reloader