V3ckt0r · March 18, 2019 14:51
diff --git a/flux-deployment.yaml b/flux-deployment.yaml
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: flux
 ---
 apiVersion: extensions/v1beta1 #apps/v1
 kind: Deployment
 metadata:
  name: flux
  namespace: flux
 spec:
  replicas: 1
  selector:
    matchLabels:
      name: flux
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        prometheus.io.port: "3031" # tell prometheus to scrape /metrics endpoint's port.
      labels:
        name: flux
    spec:
      serviceAccountName: flux
      volumes:
      - name: git-key
        secret:
          secretName: flux-git-deploy
          defaultMode: 0400 # when mounted read-only, we won't be able to chmod
      - name: git-keygen
        emptyDir:
          medium: Memory
      - name: ssh-config
        configMap:
          name: known-hosts #flux-ssh-config
      containers:
      - name: flux
        image: quay.io/weaveworks/flux:1.11.0
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 50m
            memory: 64Mi
        ports:
        - containerPort: 3030 # informational
        volumeMounts:
        - name: git-key
          mountPath: /etc/fluxd/ssh # to match location given in image's /etc/ssh/config
          readOnly: true # this will be the case perforce in K8s >=1.10
        - name: git-keygen
          mountPath: /var/fluxd/keygen # to match location given in image's /etc/ssh/config
        # Include this if you need to mount a customised known_hosts
        # file; you'll also need the volume declared above.
        - name: ssh-config
          mountPath: /root/.ssh
        args:
        - --memcached-hostname=memcached
        - --memcached-service=
        - --ssh-keygen-dir=/var/fluxd/keygen
        - [email protected]
        - --git-branch=master
        - --listen-metrics=:3031
 ---
 # The service account, cluster roles, and cluster role binding are
 # only needed for Kubernetes with role-based access control (RBAC).
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    name: flux
  name: flux
  namespace: flux
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
  labels:
    name: flux
  name: flux
 rules:
  - apiGroups: ['*']
    resources: ['*']
    verbs: ['*']
  - nonResourceURLs: ['*']
    verbs: ['*']
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  labels:
    name: flux
  name: flux
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flux
 subjects:
  - kind: ServiceAccount
    name: flux
    namespace: flux
 ---
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: known-hosts
  namespace: flux
 data:
  known_hosts: |
    xxxxxxxxxxxx,xxx.xxx.xxx.xxx ecdsa-xxxx xxxxxxxx
	---
	apiVersion: v1
	kind: Namespace
	metadata:
	name: flux
	---
	apiVersion: extensions/v1beta1 #apps/v1
	kind: Deployment
	metadata:
	name: flux
	namespace: flux
	spec:
	replicas: 1
	selector:
	matchLabels:
	name: flux
	strategy:
	type: Recreate
	template:
	metadata:
	annotations:
	prometheus.io.port: "3031" # tell prometheus to scrape /metrics endpoint's port.
	labels:
	name: flux
	spec:
	serviceAccountName: flux
	volumes:
	- name: git-key
	secret:
	secretName: flux-git-deploy
	defaultMode: 0400 # when mounted read-only, we won't be able to chmod
	- name: git-keygen
	emptyDir:
	medium: Memory
	- name: ssh-config
	configMap:
	name: known-hosts #flux-ssh-config
	containers:
	- name: flux
	image: quay.io/weaveworks/flux:1.11.0
	imagePullPolicy: IfNotPresent
	resources:
	requests:
	cpu: 50m
	memory: 64Mi
	ports:
	- containerPort: 3030 # informational
	volumeMounts:
	- name: git-key
	mountPath: /etc/fluxd/ssh # to match location given in image's /etc/ssh/config
	readOnly: true # this will be the case perforce in K8s >=1.10
	- name: git-keygen
	mountPath: /var/fluxd/keygen # to match location given in image's /etc/ssh/config
	# Include this if you need to mount a customised known_hosts
	# file; you'll also need the volume declared above.
	- name: ssh-config
	mountPath: /root/.ssh
	args:
	- --memcached-hostname=memcached
	- --memcached-service=
	- --ssh-keygen-dir=/var/fluxd/keygen
	- [email protected]
	- --git-branch=master
	- --listen-metrics=:3031
	---
	# The service account, cluster roles, and cluster role binding are
	# only needed for Kubernetes with role-based access control (RBAC).
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	labels:
	name: flux
	name: flux
	namespace: flux
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRole
	metadata:
	labels:
	name: flux
	name: flux
	rules:
	- apiGroups: ['*']
	resources: ['*']
	verbs: ['*']
	- nonResourceURLs: ['*']
	verbs: ['*']
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	labels:
	name: flux
	name: flux
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: flux
	subjects:
	- kind: ServiceAccount
	name: flux
	namespace: flux
	---
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: known-hosts
	namespace: flux
	data:
	known_hosts: \|
	xxxxxxxxxxxx,xxx.xxx.xxx.xxx ecdsa-xxxx xxxxxxxx