evan.jarrett.net / loom
Kubernetes Operator for Tangled Spindles
fork atom
loom / config / default / kustomization.yaml
at main 234 lines 7.6 kB view raw
evan.jarrett.net init commit
6c6437b2
1# Adds namespace to all resources. 2namespace: loom-system 3 4# Value of this field is prepended to the 5# names of all resources, e.g. a deployment named 6# "wordpress" becomes "alices-wordpress". 7# Note that it should also match with the prefix (text before '-') of the namespace 8# field above. 9namePrefix: loom- 10 11# Labels to add to all resources and selectors. 12#labels: 13#- includeSelectors: true 14# pairs: 15# someName: someValue 16 17resources: 18- ../crd 19- ../rbac 20- ../manager 21# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 22# crd/kustomization.yaml 23#- ../webhook 24# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. 25#- ../certmanager 26# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 27#- ../prometheus 28# [METRICS] Expose the controller manager metrics service. 29- metrics_service.yaml 30# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. 31# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. 32# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will 33# be able to communicate with the Webhook Server. 34#- ../network-policy 35 36# Uncomment the patches line if you enable Metrics 37patches: 38# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443. 39# More info: https://book.kubebuilder.io/reference/metrics 40- path: manager_metrics_patch.yaml 41 target: 42 kind: Deployment 43 44# Uncomment the patches line if you enable Metrics and CertManager 45# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line. 46# This patch will protect the metrics with certManager self-signed certs. 47#- path: cert_metrics_manager_patch.yaml 48# target: 49# kind: Deployment 50 51# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 52# crd/kustomization.yaml 53#- path: manager_webhook_patch.yaml 54# target: 55# kind: Deployment 56 57# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 58# Uncomment the following replacements to add the cert-manager CA injection annotations 59#replacements: 60# - source: # Uncomment the following block to enable certificates for metrics 61# kind: Service 62# version: v1 63# name: controller-manager-metrics-service 64# fieldPath: metadata.name 65# targets: 66# - select: 67# kind: Certificate 68# group: cert-manager.io 69# version: v1 70# name: metrics-certs 71# fieldPaths: 72# - spec.dnsNames.0 73# - spec.dnsNames.1 74# options: 75# delimiter: '.' 76# index: 0 77# create: true 78# - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor 79# kind: ServiceMonitor 80# group: monitoring.coreos.com 81# version: v1 82# name: controller-manager-metrics-monitor 83# fieldPaths: 84# - spec.endpoints.0.tlsConfig.serverName 85# options: 86# delimiter: '.' 87# index: 0 88# create: true 89# 90# - source: 91# kind: Service 92# version: v1 93# name: controller-manager-metrics-service 94# fieldPath: metadata.namespace 95# targets: 96# - select: 97# kind: Certificate 98# group: cert-manager.io 99# version: v1 100# name: metrics-certs 101# fieldPaths: 102# - spec.dnsNames.0 103# - spec.dnsNames.1 104# options: 105# delimiter: '.' 106# index: 1 107# create: true 108# - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor 109# kind: ServiceMonitor 110# group: monitoring.coreos.com 111# version: v1 112# name: controller-manager-metrics-monitor 113# fieldPaths: 114# - spec.endpoints.0.tlsConfig.serverName 115# options: 116# delimiter: '.' 117# index: 1 118# create: true 119# 120# - source: # Uncomment the following block if you have any webhook 121# kind: Service 122# version: v1 123# name: webhook-service 124# fieldPath: .metadata.name # Name of the service 125# targets: 126# - select: 127# kind: Certificate 128# group: cert-manager.io 129# version: v1 130# name: serving-cert 131# fieldPaths: 132# - .spec.dnsNames.0 133# - .spec.dnsNames.1 134# options: 135# delimiter: '.' 136# index: 0 137# create: true 138# - source: 139# kind: Service 140# version: v1 141# name: webhook-service 142# fieldPath: .metadata.namespace # Namespace of the service 143# targets: 144# - select: 145# kind: Certificate 146# group: cert-manager.io 147# version: v1 148# name: serving-cert 149# fieldPaths: 150# - .spec.dnsNames.0 151# - .spec.dnsNames.1 152# options: 153# delimiter: '.' 154# index: 1 155# create: true 156# 157# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation) 158# kind: Certificate 159# group: cert-manager.io 160# version: v1 161# name: serving-cert # This name should match the one in certificate.yaml 162# fieldPath: .metadata.namespace # Namespace of the certificate CR 163# targets: 164# - select: 165# kind: ValidatingWebhookConfiguration 166# fieldPaths: 167# - .metadata.annotations.[cert-manager.io/inject-ca-from] 168# options: 169# delimiter: '/' 170# index: 0 171# create: true 172# - source: 173# kind: Certificate 174# group: cert-manager.io 175# version: v1 176# name: serving-cert 177# fieldPath: .metadata.name 178# targets: 179# - select: 180# kind: ValidatingWebhookConfiguration 181# fieldPaths: 182# - .metadata.annotations.[cert-manager.io/inject-ca-from] 183# options: 184# delimiter: '/' 185# index: 1 186# create: true 187# 188# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting ) 189# kind: Certificate 190# group: cert-manager.io 191# version: v1 192# name: serving-cert 193# fieldPath: .metadata.namespace # Namespace of the certificate CR 194# targets: 195# - select: 196# kind: MutatingWebhookConfiguration 197# fieldPaths: 198# - .metadata.annotations.[cert-manager.io/inject-ca-from] 199# options: 200# delimiter: '/' 201# index: 0 202# create: true 203# - source: 204# kind: Certificate 205# group: cert-manager.io 206# version: v1 207# name: serving-cert 208# fieldPath: .metadata.name 209# targets: 210# - select: 211# kind: MutatingWebhookConfiguration 212# fieldPaths: 213# - .metadata.annotations.[cert-manager.io/inject-ca-from] 214# options: 215# delimiter: '/' 216# index: 1 217# create: true 218# 219# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion) 220# kind: Certificate 221# group: cert-manager.io 222# version: v1 223# name: serving-cert 224# fieldPath: .metadata.namespace # Namespace of the certificate CR 225# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD. 226# +kubebuilder:scaffold:crdkustomizecainjectionns 227# - source: 228# kind: Certificate 229# group: cert-manager.io 230# version: v1 231# name: serving-cert 232# fieldPath: .metadata.name 233# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD. 234# +kubebuilder:scaffold:crdkustomizecainjectionname