--- # Source: keel/templates/00-namespace.yaml apiVersion: v1 kind: Namespace metadata: name: "keel" --- # Source: keel/templates/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: name: keel namespace: keel labels: app: keel chart: keel-0.7.0 release: keel heritage: Tiller --- # Source: keel/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: keel rules: - apiGroups: - "" resources: - namespaces verbs: - watch - list - apiGroups: - "" resources: - secrets verbs: - get - watch - list - apiGroups: - "" - extensions - apps - batch resources: - pods - replicasets - replicationcontrollers - statefulsets - deployments - daemonsets - jobs - cronjobs verbs: - get - delete # required to delete pods during force upgrade of the same tag - watch - list - update - apiGroups: - "" resources: - configmaps verbs: - get - create - update --- # Source: keel/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: keel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: keel subjects: - kind: ServiceAccount name: keel namespace: keel --- # Source: keel/templates/service.yaml apiVersion: v1 kind: Service metadata: name: keel namespace: keel labels: app: keel chart: keel-0.7.0 release: keel heritage: Tiller spec: type: LoadBalancer ports: - port: 9300 targetPort: 9300 protocol: TCP name: keel selector: app: keel sessionAffinity: None --- # Source: keel/templates/deployment.yaml apiVersion: apps/v1beta2 kind: Deployment metadata: name: keel namespace: keel labels: app: keel chart: keel-0.7.0 release: keel heritage: Tiller spec: replicas: 1 selector: matchLabels: app: keel release: keel template: metadata: labels: app: keel release: keel spec: serviceAccountName: keel containers: - name: keel # Note that we use appVersion to get images tag. image: "keelhq/keel:0.14.1" imagePullPolicy: IfNotPresent command: ["/bin/keel"] env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace # Enable GCR with pub/sub support - name: PROJECT_ID value: "" - name: PUBSUB value: "" # Set to '1' or 'true' to enable GCR pubsub # Enable AWS ECR - name: AWS_ACCESS_KEY_ID value: "" - name: AWS_SECRET_ACCESS_KEY value: "" - name: AWS_REGION value: "" # Enable webhook endpoint - name: WEBHOOK_ENDPOINT value: "" # Enable mattermost endpoint - name: MATTERMOST_ENDPOINT value: "" - name: SLACK_TOKEN value: "" - name: SLACK_CHANNELS value: "" - name: SLACK_APPROVALS_CHANNEL value: "" # Enable hipchat approvials and notification - name: HIPCHAT_TOKEN value: "" - name: HIPCHAT_CHANNELS value: "" - name: HIPCHAT_APPROVALS_CHANNEL value: "" - name: HIPCHAT_APPROVALS_BOT_NAME value: "" - name: HIPCHAT_APPROVALS_USER_NAME value: "" - name: HIPCHAT_APPROVALS_PASSWORT value: "" - name: NOTIFICATION_LEVEL value: "info" # Enable insecure registries - name: INSECURE_REGISTRY value: "true" ports: - containerPort: 9300 livenessProbe: httpGet: path: /healthz port: 9300 initialDelaySeconds: 30 timeoutSeconds: 10 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 50m memory: 64Mi - name: webhookrelayd image: "webhookrelay/webhookrelayd:latest" imagePullPolicy: IfNotPresent command: ["/relayd"] env: - name: KEY valueFrom: secretKeyRef: name: keel-webhookrelay key: key - name: SECRET valueFrom: secretKeyRef: name: keel-webhookrelay key: secret - name: BUCKET value: "" resources: limits: cpu: 100m memory: 128Mi requests: cpu: 50m memory: 64Mi --- # Source: keel/templates/pod-disruption-budget.yaml apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: keel namespace: keel spec: maxUnavailable: 1 selector: matchLabels: app: keel --- # Source: keel/templates/secrets-aws-ecr.yaml --- # Source: keel/templates/secrets-google.yaml --- # Source: keel/templates/secrets-webhookrelay.yaml