Description
Hi Team,
We are in a process of installing admiralty through helm chart and terraform. We have already installed cert-manager through helm and terraform. But when deploying admiralty helm release is failing on atlantis with it is looking for different namespace that does not exist and when tried without atlantis then getting labels and annotations not applied so webhook is denying it.
But we have already added labels and annotations on admiralty namespace and enabled inheritence as well. Same we did for cert-manager and it worked but for admiralty I am not sure why it is not taking correct namespace.
helm release that is failed is deployed in admiralty namespace only but not sure if any other component of admiralty is looking for some other namespace.
with direct helm install it is working find in the same namespace
When running from helm_release through terraform namespace is not showing in rendered manifest
resource "helm_release" "admiralty" {
name = "admiralty"
namespace = var.namespace
repository = "oci://public.ecr.aws/admiralty/"
chart = "admiralty"
version = var.admiralty_chart_version
Source: admiralty/templates/quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: admiralty
spec:
scopeSelector:
matchExpressions:
- operator: In
scopeName: PriorityClass
values:
- system-cluster-critical
Source: admiralty/templates/deploy.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: admiralty-controller-manager
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: controller-manager
Source: admiralty/templates/deploy.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: admiralty-proxy-scheduler
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: proxy-scheduler
Source: admiralty/templates/deploy.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: admiralty-candidate-scheduler
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: candidate-scheduler
Source: admiralty/templates/deploy.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: admiralty-restarter
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: restarter
Source: admiralty/templates/sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
Source: admiralty/templates/cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
data:
proxy-scheduler-config: |
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
leaderElection:
leaderElect: true
resourceName: admiralty-proxy-scheduler
resourceNamespace: admiralty
resourceLock: leases
profiles:
- schedulerName: admiralty-proxy
plugins:
multiPoint:
enabled:
- name: proxy
filter:
enabled:
- name: proxy
candidate-scheduler-config: |
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
leaderElection:
leaderElect: true
resourceName: admiralty-candidate-scheduler
resourceNamespace: admiralty
resourceLock: leases
profiles:
- schedulerName: admiralty-candidate
plugins:
multiPoint:
enabled:
- name: candidate
Source: admiralty/templates/crds/clustersource.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clustersources.multicluster.admiralty.io
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
group: multicluster.admiralty.io
names:
kind: ClusterSource
plural: clustersources
shortNames:
- csrc
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: { }
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
userName:
type: string
serviceAccount:
type: object
properties:
name:
type: string
namespace:
type: string
status:
type: object
Source: admiralty/templates/crds/clustersummary.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clustersummaries.multicluster.admiralty.io
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
group: multicluster.admiralty.io
names:
kind: ClusterSummary
plural: clustersummaries
shortNames:
- mcsum
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: { }
schema:
openAPIV3Schema:
type: object
properties:
capacity:
type: object
additionalProperties:
x-kubernetes-int-or-string: true
allocatable:
type: object
additionalProperties:
x-kubernetes-int-or-string: true
Source: admiralty/templates/crds/clustertarget.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clustertargets.multicluster.admiralty.io
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
group: multicluster.admiralty.io
names:
kind: ClusterTarget
plural: clustertargets
shortNames:
- ctg
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: { }
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
self:
type: boolean
kubeconfigSecret:
type: object
properties:
name:
type: string
namespace:
type: string
key:
type: string
context:
type: string
excludedLabelsRegexp:
type: string
status:
type: object
Source: admiralty/templates/crds/podchaperon.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: podchaperons.multicluster.admiralty.io
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
group: multicluster.admiralty.io
names:
kind: PodChaperon
plural: podchaperons
shortNames:
- chap
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: { }
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
# TODO generate
status:
type: object
x-kubernetes-preserve-unknown-fields: true
# TODO generate
additionalPrinterColumns:
- name: reserved
type: string
jsonPath: .metadata.annotations.multicluster.admiralty.io/is-reserved
- name: allowed
type: string
jsonPath: .metadata.annotations.multicluster.admiralty.io/is-allowed
Source: admiralty/templates/crds/source.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sources.multicluster.admiralty.io
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
group: multicluster.admiralty.io
names:
kind: Source
plural: sources
shortNames:
- src
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: { }
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
userName:
type: string
serviceAccountName:
type: string
status:
type: object
Source: admiralty/templates/crds/target.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: targets.multicluster.admiralty.io
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
group: multicluster.admiralty.io
names:
kind: Target
plural: targets
shortNames:
- tg
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: { }
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
self:
type: boolean
kubeconfigSecret:
type: object
properties:
name:
type: string
key:
type: string
context:
type: string
excludedLabelsRegexp:
type: string
status:
type: object
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
aggregationRule:
clusterRoleSelectors:
- matchLabels:
admiralty.io/aggregate-to-controller-manager: "true"
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admiralty-todo-split
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
admiralty.io/aggregate-to-controller-manager: "true"
rules:
- apiGroups:
- multicluster.admiralty.io
resources: - podchaperons
verbs: - get
- list
- watch
- update
- patch
- multicluster.admiralty.io
- apiGroups:
- multicluster.admiralty.io
resources: - podchaperons/status
verbs: - update
- multicluster.admiralty.io
- apiGroups:
- ""
resources: - pods
verbs: - get
- list
- watch
- create
- update
- delete
- patch
- ""
- apiGroups:
- ""
resources: - pods/status
verbs: - update
- ""
- apiGroups:
- ""
resources: - services
verbs: - get
- list
- watch
- update
- patch
- ""
- apiGroups:
- ""
resources: - endpoints
- configmaps
- secrets
verbs: - get
- list
- watch
- patch
- ""
- apiGroups:
- multicluster.admiralty.io
resources: - clustersummaries
verbs: - get
- create
- update
- multicluster.admiralty.io
- apiGroups:
- ""
resources: - nodes
verbs: - get
- list
- watch
- ""
- apiGroups:
- ""
resources: - nodes/status
verbs: - update
- ""
- apiGroups:
- extensions
- networking.k8s.io
resources: - ingresses
verbs: - get
- list
- watch
- update
- patch
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admiralty-source-controller
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
admiralty.io/aggregate-to-controller-manager: "true"
rules:
- apiGroups:
- multicluster.admiralty.io
resources: - sources
- clustersources
verbs: - get
- list
- watch
- multicluster.admiralty.io
- apiGroups:
- ""
resources: - serviceaccounts
verbs: - get
- list
- watch
- create
- ""
- apiGroups:
- rbac.authorization.k8s.io
resources: - rolebindings
- clusterrolebindings
verbs: - get
- list
- watch
- create
- update
- rbac.authorization.k8s.io
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admiralty-vk
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- coordination.k8s.io
resources: - leases # only needed in kube-node-leases namespaces (TODO: split and bind in RoleBinding)
verbs: - get
- create
- update
- delete
- coordination.k8s.io
- apiGroups:
- ""
resources: - nodes
verbs: - get
- create
- patch
- ""
- apiGroups:
- ""
resources: - nodes/status
verbs: - patch
- ""
- apiGroups:
- certificates.k8s.io
resources: - certificatesigningrequests
verbs: - create
- get
- certificates.k8s.io
- apiGroups:
- certificates.k8s.io
resources: - certificatesigningrequests/approval
verbs: - update
- certificates.k8s.io
- apiGroups:
- certificates.k8s.io
resources: - signers
resourceNames: - beta.eks.amazonaws.com/app-serving
verbs: - approve
- certificates.k8s.io
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admiralty-source
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- multicluster.admiralty.io
resources: - podchaperons
verbs: - get
- list
- watch
- create
- update
- delete
- deletecollection
- patch
- multicluster.admiralty.io
- apiGroups:
- multicluster.admiralty.io
resources: - podchaperons/finalizers
- sources/finalizers
verbs: - update
- multicluster.admiralty.io
- apiGroups:
- ""
resources: - services
- secrets
- configmaps
verbs: - get
- list
- watch
- create
- update
- delete
- ""
- apiGroups:
- extensions
- networking.k8s.io
resources: - ingresses
verbs: - get
- list
- watch
- create
- update
- delete
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"] - apiGroups: [""]
resources: ["pods/finalizers"]
verbs:- update
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get"] - apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]
Source: admiralty/templates/cr.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admiralty-restarter
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- multicluster.admiralty.io
resources: - targets
- clustertargets
verbs: - get
- list
- watch
- multicluster.admiralty.io
- apiGroups:
- apps
resources: - deployments
verbs: - patch
- apps
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admiralty-cluster-summary-viewer
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- multicluster.admiralty.io
resources: - clustersummaries
verbs: - get
- list
- watch
- multicluster.admiralty.io
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admiralty
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admiralty-vk
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admiralty-vk
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admiralty-as-kube-scheduler
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-scheduler
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admiralty-as-volume-scheduler
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:volume-scheduler
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admiralty-source
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admiralty-source
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admiralty-restarter
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admiralty-restarter
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admiralty-cluster-summary-viewer
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admiralty-cluster-summary-viewer
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/cr.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: admiralty-leader-elector
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- coordination.k8s.io
resources: - leases # TODO limit resource names
verbs: - get
- create
- update
- coordination.k8s.io
- apiGroups:
- ""
resources: - endpoints # TODO limit resource names
verbs: - get
- create
- update
- ""
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: admiralty-as-extension-apiserver-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: admiralty-leader-elector
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: admiralty-leader-elector
subjects:
- kind: ServiceAccount
name: admiralty
namespace: admiralty
Source: admiralty/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: controller-manager
ports:
- port: 443
protocol: TCP
targetPort: 9443
Source: admiralty/templates/deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: admiralty-controller-manager
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/in
6B1D
stance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: controller-manager
replicas: 2
strategy:
type: RollingUpdate
template:
metadata:
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
component: controller-manager
spec:
containers:
- name: controller-manager
args: ["--leader-elect"]
env:
- name: CLUSTER_NAME
value:
# POD_NAME for leader election
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: SOURCE_CLUSTER_ROLE_NAME
value: admiralty-source
- name: CLUSTER_SUMMARY_VIEWER_CLUSTER_ROLE_NAME
value: admiralty-cluster-summary-viewer
- name: VKUBELET_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: VKUBELET_CSR_SIGNER_NAME
value: beta.eks.amazonaws.com/app-serving
image: public.ecr.aws/admiralty/admiralty-agent:0.17.0
ports:
- containerPort: 9443
- containerPort: 10250
- containerPort: 8080
readinessProbe:
httpGet:
port: 8080
path: /readyz
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 2
memory: 256Mi
requests:
cpu: 1
memory: 256Mi
priorityClassName: system-cluster-critical
serviceAccountName: admiralty
volumes:
- name: cert
secret:
defaultMode: 420
secretName: admiralty-cert
Source: admiralty/templates/deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: admiralty-proxy-scheduler
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: proxy-scheduler
replicas: 2
strategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 7e04e267164c94ade49c9916bd79eb80f7b11cdfeb77ee0791367486f6d51bb8
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
component: proxy-scheduler
spec:
containers:
- name: proxy-scheduler
image: public.ecr.aws/admiralty/admiralty-scheduler:0.17.0
args:
- --config=/etc/admiralty/proxy-scheduler-config
- --pod-max-in-unschedulable-pods-duration=60s
env:
- name: CLUSTER_NAME
value:
volumeMounts:
- name: config
mountPath: /etc/admiralty
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 256Mi
requests:
cpu: 1
memory: 256Mi
priorityClassName: system-cluster-critical
serviceAccountName: admiralty
volumes:
- name: config
configMap:
name: admiralty
Source: admiralty/templates/deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: admiralty-candidate-scheduler
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: candidate-scheduler
replicas: 2
strategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 7e04e267164c94ade49c9916bd79eb80f7b11cdfeb77ee0791367486f6d51bb8
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
component: candidate-scheduler
spec:
containers:
- name: candidate-scheduler
image: public.ecr.aws/admiralty/admiralty-scheduler:0.17.0
args: ["--config", "/etc/admiralty/candidate-scheduler-config"]
volumeMounts:
- name: config
mountPath: /etc/admiralty
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 256Mi
requests:
cpu: 1
memory: 256Mi
priorityClassName: system-cluster-critical
serviceAccountName: admiralty
volumes:
- name: config
configMap:
name: admiralty
Source: admiralty/templates/deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: admiralty-restarter
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
component: restarter
replicas: 2
strategy:
type: RollingUpdate
template:
metadata:
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
component: restarter
spec:
containers:
- name: restarter
args: ["--leader-elect"]
env:
# POD_NAME for leader election
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ADMIRALTY_CONTROLLER_MANAGER_DEPLOYMENT_NAME
value: admiralty-controller-manager
- name: ADMIRALTY_PROXY_SCHEDULER_DEPLOYMENT_NAME
value: admiralty-proxy-scheduler
image: public.ecr.aws/admiralty/admiralty-restarter:0.17.0
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 128Mi
requests:
cpu: 1
memory: 128Mi
priorityClassName: system-cluster-critical
serviceAccountName: admiralty
Source: admiralty/templates/cert.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
commonName: admiralty.admiralty.svc
dnsNames:
- admiralty.admiralty.svc
- admiralty.admiralty.svc.cluster.local
secretName: admiralty-cert
issuerRef:
name: admiralty
Source: admiralty/templates/issuer.yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
spec:
selfSigned: {}
Source: admiralty/templates/webhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: admiralty
labels:
helm.sh/chart: admiralty-0.17.0
app.kubernetes.io/name: admiralty
app.kubernetes.io/instance: admiralty
app.kubernetes.io/version: "0.17.0"
app.kubernetes.io/managed-by: Helm
annotations:
cert-manager.io/inject-ca-from: admiralty/admiralty
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: admiralty
namespace: admiralty
path: /mutate--v1-pod
failurePolicy: Fail
name: admiralty.multicluster.admiralty.io
namespaceSelector:
matchLabels:
multicluster-scheduler: enabled
rules:- apiGroups:
- ""
apiVersions: - v1
operations: - CREATE
resources: - pods
scope: '*'
sideEffects: None
admissionReviewVersions: [v1beta1]
reinvocationPolicy: Never
- ""
- apiGroups:
Anyone can you please help me in deploying admiralty?