added config path to file
Some checks failed
Build and Push Docker Image / Build image (push) Has been cancelled
Some checks failed
Build and Push Docker Image / Build image (push) Has been cancelled
This commit is contained in:
parent
f83de32368
commit
39f1c0d92c
@ -146,8 +146,13 @@ func main() {
|
|||||||
setupLog.Error(err, "unable to start manager")
|
setupLog.Error(err, "unable to start manager")
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
configPath := os.Getenv("CONFIG_PATH")
|
||||||
|
if configPath == "" {
|
||||||
|
configPath = "config.yaml"
|
||||||
|
}
|
||||||
|
|
||||||
config := &controller.ServerManagerReconcilerConfig{}
|
config := &controller.ServerManagerReconcilerConfig{}
|
||||||
configData, err := os.ReadFile("config.yaml")
|
configData, err := os.ReadFile(configPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
setupLog.Error(err, "unable to read config file")
|
setupLog.Error(err, "unable to read config file")
|
||||||
}
|
}
|
||||||
|
|||||||
31
config/manager/config.yaml
Normal file
31
config/manager/config.yaml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
# https://kubernetes.io/docs/concepts/configuration/configmap/
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: server-manager-config
|
||||||
|
namespace: server-manager
|
||||||
|
data:
|
||||||
|
config.yaml: |
|
||||||
|
domain_label: "ddns.acooldomain.co/hostname"
|
||||||
|
default_domain: "acooldomain.co"
|
||||||
|
browser:
|
||||||
|
domain: games.acooldomain.co
|
||||||
|
sub_path: /browsers
|
||||||
|
auth_header: x-authentik-username
|
||||||
|
cert_resolver: letsencrypt
|
||||||
|
entrypoints:
|
||||||
|
- websecure
|
||||||
|
|
||||||
|
additional_routes:
|
||||||
|
- kind: Rule
|
||||||
|
match: "Host(`games.acooldomain.co`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||||
|
priority: 15
|
||||||
|
services:
|
||||||
|
- kind: Service
|
||||||
|
name: ak-outpost-traefik
|
||||||
|
namespace: authentik
|
||||||
|
port: 9000
|
||||||
|
|
||||||
|
middleware:
|
||||||
|
name: authentik
|
||||||
|
namespace: authentik
|
||||||
@ -1,2 +1,3 @@
|
|||||||
resources:
|
resources:
|
||||||
- manager.yaml
|
- config.yaml
|
||||||
|
- manager.yaml
|
||||||
|
|||||||
@ -5,13 +5,13 @@ metadata:
|
|||||||
control-plane: controller-manager
|
control-plane: controller-manager
|
||||||
app.kubernetes.io/name: kubernetes-operator
|
app.kubernetes.io/name: kubernetes-operator
|
||||||
app.kubernetes.io/managed-by: kustomize
|
app.kubernetes.io/managed-by: kustomize
|
||||||
name: system
|
name: server-manager
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: controller-manager
|
name: controller-manager
|
||||||
namespace: system
|
namespace: server-manager
|
||||||
labels:
|
labels:
|
||||||
control-plane: controller-manager
|
control-plane: controller-manager
|
||||||
app.kubernetes.io/name: kubernetes-operator
|
app.kubernetes.io/name: kubernetes-operator
|
||||||
@ -48,6 +48,11 @@ spec:
|
|||||||
# operator: In
|
# operator: In
|
||||||
# values:
|
# values:
|
||||||
# - linux
|
# - linux
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: server-manager-config
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
# TODO(user): For common cases that do not require escalating privileges
|
# TODO(user): For common cases that do not require escalating privileges
|
||||||
@ -55,41 +60,44 @@ spec:
|
|||||||
# More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
|
# More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
|
||||||
# Please uncomment the following code if your project does NOT have to work on old Kubernetes
|
# Please uncomment the following code if your project does NOT have to work on old Kubernetes
|
||||||
# versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
|
# versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
|
||||||
# seccompProfile:
|
seccompProfile:
|
||||||
# type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
containers:
|
containers:
|
||||||
- command:
|
- command:
|
||||||
- /manager
|
- /manager
|
||||||
args:
|
image: git.acooldomain.co/server-manager/kubernetes-operator:v0.0.3
|
||||||
- --leader-elect
|
env:
|
||||||
- --health-probe-bind-address=:8081
|
- name: CONFIG_PATH
|
||||||
image: controller:latest
|
value: /etc/server-manager/config.yaml
|
||||||
name: manager
|
volumeMounts:
|
||||||
securityContext:
|
- name: config
|
||||||
allowPrivilegeEscalation: false
|
mountPath: /etc/server-manager
|
||||||
capabilities:
|
name: manager
|
||||||
drop:
|
securityContext:
|
||||||
- "ALL"
|
allowPrivilegeEscalation: false
|
||||||
livenessProbe:
|
capabilities:
|
||||||
httpGet:
|
drop:
|
||||||
path: /healthz
|
- "ALL"
|
||||||
port: 8081
|
livenessProbe:
|
||||||
initialDelaySeconds: 15
|
httpGet:
|
||||||
periodSeconds: 20
|
path: /healthz
|
||||||
readinessProbe:
|
port: 8081
|
||||||
httpGet:
|
initialDelaySeconds: 15
|
||||||
path: /readyz
|
periodSeconds: 20
|
||||||
port: 8081
|
readinessProbe:
|
||||||
initialDelaySeconds: 5
|
httpGet:
|
||||||
periodSeconds: 10
|
path: /readyz
|
||||||
# TODO(user): Configure the resources accordingly based on the project requirements.
|
port: 8081
|
||||||
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
initialDelaySeconds: 5
|
||||||
resources:
|
periodSeconds: 10
|
||||||
limits:
|
# TODO(user): Configure the resources accordingly based on the project requirements.
|
||||||
cpu: 500m
|
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
||||||
memory: 128Mi
|
resources:
|
||||||
requests:
|
limits:
|
||||||
cpu: 10m
|
cpu: 500m
|
||||||
memory: 64Mi
|
memory: 128Mi
|
||||||
serviceAccountName: controller-manager
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 64Mi
|
||||||
|
serviceAccountName: server-manager
|
||||||
terminationGracePeriodSeconds: 10
|
terminationGracePeriodSeconds: 10
|
||||||
|
|||||||
@ -2,69 +2,81 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: manager-role
|
name: server-manager-role
|
||||||
rules:
|
rules:
|
||||||
- resources:
|
- resources:
|
||||||
- persistentvolumeclaims
|
- persistentvolumeclaims
|
||||||
- services
|
- services
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- delete
|
- delete
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- patch
|
- patch
|
||||||
- update
|
- update
|
||||||
- watch
|
- watch
|
||||||
- resources:
|
apiGroups:
|
||||||
- pods
|
- ""
|
||||||
verbs:
|
- resources:
|
||||||
- create
|
- pods
|
||||||
- delete
|
verbs:
|
||||||
- get
|
- create
|
||||||
- list
|
- delete
|
||||||
- watch
|
- get
|
||||||
- apiGroups:
|
- list
|
||||||
- server-manager.acooldomain.co
|
- watch
|
||||||
resources:
|
apiGroups:
|
||||||
- images
|
- ""
|
||||||
verbs:
|
- apiGroups:
|
||||||
- get
|
- ""
|
||||||
- list
|
resources:
|
||||||
- apiGroups:
|
- nodes
|
||||||
- server-manager.acooldomain.co
|
verbs:
|
||||||
resources:
|
- get
|
||||||
- servermanagers
|
- list
|
||||||
verbs:
|
- apiGroups:
|
||||||
- create
|
- server-manager.acooldomain.co
|
||||||
- delete
|
resources:
|
||||||
- get
|
- images
|
||||||
- list
|
verbs:
|
||||||
- patch
|
- get
|
||||||
- update
|
- list
|
||||||
- watch
|
- watch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- server-manager.acooldomain.co
|
- server-manager.acooldomain.co
|
||||||
resources:
|
resources:
|
||||||
- servermanagers/finalizers
|
- servermanagers
|
||||||
verbs:
|
verbs:
|
||||||
- update
|
- create
|
||||||
- apiGroups:
|
- delete
|
||||||
- server-manager.acooldomain.co
|
- get
|
||||||
resources:
|
- list
|
||||||
- servermanagers/status
|
- patch
|
||||||
verbs:
|
- update
|
||||||
- get
|
- watch
|
||||||
- patch
|
- apiGroups:
|
||||||
- update
|
- server-manager.acooldomain.co
|
||||||
- apiGroups:
|
resources:
|
||||||
- traefik.io
|
- servermanagers/finalizers
|
||||||
resources:
|
verbs:
|
||||||
- ingressroutes
|
- update
|
||||||
verbs:
|
- apiGroups:
|
||||||
- create
|
- server-manager.acooldomain.co
|
||||||
- delete
|
resources:
|
||||||
- get
|
- servermanagers/status
|
||||||
- list
|
verbs:
|
||||||
- patch
|
- get
|
||||||
- update
|
- patch
|
||||||
- watch
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- traefik.io
|
||||||
|
resources:
|
||||||
|
- ingressroutes
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- watch
|
||||||
|
|||||||
@ -4,12 +4,12 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: kubernetes-operator
|
app.kubernetes.io/name: kubernetes-operator
|
||||||
app.kubernetes.io/managed-by: kustomize
|
app.kubernetes.io/managed-by: kustomize
|
||||||
name: manager-rolebinding
|
name: server-manager-rolebinding
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: manager-role
|
name: server-manager-role
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: controller-manager
|
name: server-manager
|
||||||
namespace: system
|
namespace: server-manager
|
||||||
|
|||||||
@ -4,5 +4,5 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: kubernetes-operator
|
app.kubernetes.io/name: kubernetes-operator
|
||||||
app.kubernetes.io/managed-by: kustomize
|
app.kubernetes.io/managed-by: kustomize
|
||||||
name: controller-manager
|
name: server-manager
|
||||||
namespace: system
|
namespace: server-manager
|
||||||
|
|||||||
@ -301,7 +301,7 @@ func (r *ServerManagerReconciler) Reconcile(ctx context.Context, req ctrl.Reques
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if errors.IsNotFound(err) && !s.Spec.Server.On {
|
if errors.IsNotFound(err) && !s.Spec.Browser.On {
|
||||||
if s.Status.Browser.Running {
|
if s.Status.Browser.Running {
|
||||||
s.Status.Browser.Running = false
|
s.Status.Browser.Running = false
|
||||||
statusChanged = true
|
statusChanged = true
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user