manifests/charts/istio-operator/files/gen-operator.yaml (206 lines of code) (raw):

--- # Source: istio-operator/templates/service_account.yaml apiVersion: v1 kind: ServiceAccount metadata: namespace: istio-operator name: istio-operator --- # Source: istio-operator/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: istio-operator rules: # istio groups - apiGroups: - authentication.istio.io resources: - '*' verbs: - '*' - apiGroups: - config.istio.io resources: - '*' verbs: - '*' - apiGroups: - install.istio.io resources: - '*' verbs: - '*' - apiGroups: - networking.istio.io resources: - '*' verbs: - '*' - apiGroups: - security.istio.io resources: - '*' verbs: - '*' # k8s groups - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions.apiextensions.k8s.io - customresourcedefinitions verbs: - '*' - apiGroups: - apps - extensions resources: - daemonsets - deployments - deployments/finalizers - replicasets verbs: - '*' - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - '*' - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - get - create - update - apiGroups: - policy resources: - poddisruptionbudgets verbs: - '*' - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - clusterroles - roles - rolebindings verbs: - '*' - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - create - update - apiGroups: - "" resources: - configmaps - endpoints - events - namespaces - pods - pods/proxy - pods/portforward - persistentvolumeclaims - secrets - services - serviceaccounts verbs: - '*' --- # Source: istio-operator/templates/clusterrole_binding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: istio-operator subjects: - kind: ServiceAccount name: istio-operator namespace: istio-operator roleRef: kind: ClusterRole name: istio-operator apiGroup: rbac.authorization.k8s.io --- # Source: istio-operator/templates/service.yaml apiVersion: v1 kind: Service metadata: namespace: istio-operator labels: name: istio-operator name: istio-operator spec: ports: - name: http-metrics port: 8383 targetPort: 8383 protocol: TCP selector: name: istio-operator --- # Source: istio-operator/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: namespace: istio-operator name: istio-operator spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: istio-operator template: metadata: labels: name: istio-operator spec: serviceAccountName: istio-operator containers: - name: istio-operator image: gcr.io/istio-testing/dubbo-operator:v0.5.0-rc01 command: - operator - server securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 1337 runAsUser: 1337 runAsNonRoot: true imagePullPolicy: IfNotPresent resources: limits: cpu: 200m memory: 256Mi requests: cpu: 50m memory: 128Mi env: - name: WATCH_NAMESPACE value: "dubbo-system" - name: LEADER_ELECTION_NAMESPACE value: "istio-operator" - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME value: "istio-operator" - name: WAIT_FOR_RESOURCES_TIMEOUT value: "300s" - name: REVISION value: ""