jprdonnelly/wellsky-poc
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* Comparing rendered templates

Browse Source 
* Format editing on templated-djx-test.yaml
This commit is contained in:
Justin Donnelly
2020-11-10 10:51:32 -05:00
parent 7ae4ccb061
commit 568465a31d
4 changed files with 14982 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
djx-values.yaml Normal file
View File

@@ -0,0 +1,196 @@
global:
persistence:
storageClass: nfs-client
# imageRegistry: "jprdonnelly.com:5000/qlik-docker-qsefe.bintray.io"
#imagePullSecrets:
#- name: regcred
#certs:
# enabled: true
# configMap:
# create: true
# name: "{{ .Release.Name}}-ca-certs"
# certs: |+
# -----BEGIN CERTIFICATE-----
# MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
# cm5ldGVzMB4XDTIwMDMzMTEzMTk1OVoXDTMwMDMyOTEzMTk1OVowFTETMBEGA1UE
# AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJmf
# 3NkA9G73lmY7RYrUcTS4XmuPY3gldeXlxxzHWvpClDTXec3Q5WvNix7zPgQ5i9N0
# o/eF8w9htSJ0K7RIHZeWrl6s9QWULHY44IdunMi45XwsRhLo13239kovOgeKg8GU
# f8umcnR5N4l3Kg8k6PZaUXxir38KKddG5Wy8fDqjGyGIFdztHJjDx7YU6UDf7BZY
# +is80ihYx/Q7vmexhkK+4gPvzsZ4dpH4KWScVKSwimxQKn8XV2q2KOoiJTXRfrVJ
# wYkC3fSAuAXh7OcqiYT2NrcnA1Vbx/Yha9ZtaBI+hizwWLAerBK3UtlTI/oW6+hY
# I/XNP2pTaJD6lEwS19cCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
# /wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFk3PfxKk4zZopldd4q+XWHv8C1s
# VzDQI01362Wat5x8K/Cas2c+xSOL/v8geUFxMqH9tXrestqDkcKOrnUJgkKdWQfP
# bjidq7Di72vCnfx7t7XF8Tx4p/z6T1TCS0ni3aYBimK3qzDQv0H7TZjoxsBJjvQs
# 28JZZYYgz89lRlBzm/VkKKa1pKtFaI6Em8AfmdHJ0YL3lnmoSnZ2BxhIxqJGYP6J
# gY6xVB05R5+bTx3yJ3qRH90FYBiCWS5eIbPxiiYjpu3REJGao1GUuT5sU5oPKSop
# 4GQnoSU0apwGSA0rRXCr3x2sL2DWiqEV4nLuf+NzDQsQ3IQJmGirEvu8iiA=
# -----END CERTIFICATE-----
## dev-portal contains the configurations for the dev-portal sub-chart
dev-portal:
enabled: true
deployment:
replicas: 1
container:
## deployment resource limits
resources:
limits:
cpu: null
memory: null
requests:
cpu: null
memory: null
## edge-auth contains the configurations for the edge-auth sub-chart and authentication
edge-auth:
mongodb: # set this to false to avoid attempting to create separate secrets
enabled: false
nats: # set this to true to enable messaging
enabled: true
service:
type: ClusterIP
port: 8080
oidc:
enabled: false
identity-providers:
secrets:
idpConfigs:
# Azure ADFS
#- clientId: babf7e6d-6ba5-4bea-9577-bbd5f5833dc8
#clientSecret: oFx06?s=Zex7vRV[ftIQQCGkWZgwQH@6
#discoveryUrl: https://login.microsoftonline.com/af29fd92-901c-4b92-9781-5347a3bdb863/v2.0/.well-known/openid-configuration
# hostname: qliksense.browntown.local
#realm: ADFS
#scope: "openid email profile"
#claimsMapping:
# sub: ["sub", "appid"]
# client_id: "appid"
#name: "display_name"
# groups: "groups" # Auth0
# - clientId: 9kohQL0166VN7RcEv7P7li0gWPBjbiZO
# clientSecret: NLwAqaeyGr38xl19Xb9lBXjt5ra1U-_5LKuFwxBnzvSsqmAUXaT6T7BeQGgIRYOd
# discoveryUrl: https://djx.auth0.com/.well-known/openid-configuration
# hostname: qliksense.browntown.local
# realm: Auth0
# useClaimsFromIdToken: true
# Keycloak
- clientId: browntown
clientSecret: "4f430d09-80ec-4b1d-801f-c4d3df5efe3e"
discoveryUrl: http://keycloak.browntown.local/auth/realms/browntown/.well-known/openid-configuration
hostname: qliksense.browntown.local
realm: keycloak
#useClaimsFromIdToken: true
claimsMapping:
name: ["name", "preferred_username"]
sub: ["preferred_username"]
groups: ["groupmemberships"]
mongodb:
####### MongoDB Atlas
#uri: "mongodb+srv://qseok:c4hoW8GQRPTBQbEF@qlikdb-wn7on.gcp.mongodb.net/qsefe?retryWrites=true&w=majority"
#uri: "mongodb+srv://qseok:Iy5YvrBH1Q0PGTXJ@browntown-y9m0r.mongodb.net/qsefe?retryWrites=true&w=majority"
####### LocalLAN Container
# uri: "mongodb://192.168.2.5:27017/qsefe?ssl=false"
# uriWebIntegrations: "mongodb://192.168.2.5:27017/qsefe?ssl=false"
####### Internal Cluster MongoDB ReplicaSet
#uri: "mongodb://qsefe:qsefe@mongodb-primary-0.mongodb-headless.mongodb.svc.cluster.local,mongodb-secondary-0.mongodb-headless.mongodb.svc.cluster.local/qsefe?replicaSet=rs0&ssl=false"
uri: "mongodb://qsefe:qsefe@mongodb-headless.mongodb.svc.cluster.local/qsefe?replicaSet=rs0&ssl=false"
####### Security
usePassword: true
uriSecretName: "qseok-mongoconfig"
ssl: false
sslValidate: false
checkServerIdentity: false
engine:
acceptEULA: "yes"
groups:
enabled: true
featureflags:
enabled: true
# ingress:
# annotations:
# nginx.ingress.kubernetes.io/proxy-body-size: 10240m
# nginx.org/client-max-body-size: 10240m
# replicaCount: 1
# Defines the persistence layer of the engine - ReadWriteMany is required for multiple engines
# persistence:
# enabled: true
# autoSave:
# enabled: true
# interval: 5
# accessMode: ReadWriteMany
# size: 5Gi
# logging:
# HttpTrafficLogVerbosity: 6
# TrafficLogVerbosity: 0
# SystemLogVerbosity: 6
# AuditLogVerbosity: 0
# PerformanceLogVerbosity: 0
# QixPerformanceLogVerbosity: 0
# SessionLogVerbosity: 4
# SmartSearchQueryLogVerbosity: 3
# SmartSearchIndexLogVerbosity: 3
# ScriptLogVerbosity: 4
# SSEVerbosity: 4
# 1GExternalServicesLogVerbosity: 4
# EnableDebugTracing: false
#elastic-infra:
# ingress:
# host: "qliksense.browntown.local"
# class: "qlik-nginx"
# tls:
# - secretName: jprdonnelly-ssl
# hosts:
# - "qseok.browntown.local"
# annotations:
# - nginx.ingress.kubernetes.io/proxy-body-size: 10240m
# - nginx.org/client-max-body-size: 10240m
# nginx-ingress:
# enabled: false
# extraArgs:
# default-ssl-certificate: qlik/jprdonnelly-ssl
# service:
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
# # https://gowalker.org/k8s.io/kubernetes/pkg/cloudprovider/providers/azure#_constants
# service.beta.kubernetes.io/azure-load-balancer-tcp-idle-timeout: '3600'
# licenses:
# ## Proxy configuration
# ## Set the following values when deploying behind a proxy
# proxy:
# ## The URI to the tunneling proxy scheme://host:port (e.g. http://proxy.company.com:8888)
# uri:
featureflags:
logLevel: "verbose"
configmaps:
create: true
featureFlagsConfig:
{
"globalFeatures": {
"HUB_MANAGED_SPACES": true,
"HOME_HOME": true,
"MANAGEMENT_CONSOLE_SPACE_MANAGEMENT_EDIT_ENABLED": true,
"MANAGEMENT_CONSOLE_SPACE_MANAGEMENT_MANAGED_SPACES_ENABLED": true,
"MANAGEMENT_CONSOLE_SPACE_MANAGEMENT_SORT_FILTER_ENABLED": true,
"HUB_GROUPS": true,
"createIdpGroups": true,
"includeGroupIdsInUserJwt": true,
"excludeGroupsFromJwt": true,
"MANAGEMENT_CONSOLE_GROUPS_ENABLED": true,
"sfdc": true,
"enableCsrf": true,
"apiClientsEnabled": true,
"AUDIT_ARCHIVE_ENABLED": true
},
"tenantFeatures": {},
"userFeatures": {}
}

664
ingress-nginx.yaml Normal file
View File

@@ -0,0 +1,664 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-nginx
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- endpoints
verbs:
- create
- get
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
type: ClusterIP
ports:
- name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
#externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: k8s.gcr.io/ingress-nginx/controller:v0.41.0@sha256:e6019e536cfb921afb99408d5292fa88b017c49dd29d05fc8dbc456aa770d590
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
- name: webhook
containerPort: 8443
protocol: TCP
volumeMounts:
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
resources:
requests:
cpu: 100m
memory: 90Mi
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission
webhooks:
- name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- ingresses
failurePolicy: Fail
sideEffects: None
admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
namespace: ingress-nginx
name: ingress-nginx-controller-admission
path: /networking/v1beta1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-create
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
spec:
template:
metadata:
name: ingress-nginx-admission-create
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: create
image: docker.io/jettech/kube-webhook-certgen:v1.5.0
imagePullPolicy: IfNotPresent
args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-patch
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx
spec:
template:
metadata:
name: ingress-nginx-admission-patch
labels:
helm.sh/chart: ingress-nginx-3.8.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: patch
image: docker.io/jettech/kube-webhook-certgen:v1.5.0
imagePullPolicy: IfNotPresent
args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000

5
templated-djx-test.yaml
View File

@@ -2411,7 +2411,6 @@ spec:
release: qseok
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
@@ -2512,8 +2511,6 @@ spec:
path: /ready
port: http
resources:
volumeMounts:
- mountPath: /run/secrets/qlik.com/qseok-users
name: qseok-users-secrets
@@ -9122,8 +9119,6 @@ spec:
# requests:
# cpu: null
# memory: null
ports:
- containerPort: 8787

14122
wedw.yaml Normal file
View File

File diff suppressed because one or more lines are too long