Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-04-03 06:16:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(integrations/registry): remove deprecated kustomize features

Browse Source 
Signed-off-by: Artem <67638547+Stringls@users.noreply.github.com>
This commit is contained in:
Artem
2023-11-10 20:42:17 +02:00
parent 659ce798c9
commit e0dcd85e52
34 changed files with 242 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
manifests/integrations/registry-credentials-sync/_cronjobs/azure/config-patches.yaml → manifests/integrations/registry-credentials-sync/_cronjobs/azure/azure-identity-patch.yaml
View File

@@ -1,12 +1,3 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: credentials-sync
data:
ACR_NAME: my-registry
KUBE_SECRET: acr-my-registry # does not yet exist -- will be created in the same Namespace
# Create an identity in Azure and assign it a role to pull from ACR (note: the identity's resourceGroup should match the desired ACR):
# az identity create -n acr-sync
# az role assignment create --role AcrPull --assignee-object-id "$(az identity show -n acr-sync -o tsv --query principalId)"
@@ -23,19 +14,3 @@ spec:
clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
resourceID: /subscriptions/873c7e7f-76cd-4805-ae86-b923850b0000/resourcegroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acr-sync
type: 0 # user-managed identity
# Set the reconcile period + specify the pod-identity via the aadpodidbinding label
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: credentials-sync
namespace: flux-system
spec:
schedule: 0 * * * * # ACR tokens expire every 3 hours; refresh faster than that
jobTemplate:
spec:
template:
metadata:
labels:
aadpodidbinding: $(AZ_IDENTITY_NAME) # match the AzureIdentity name

8
manifests/integrations/registry-credentials-sync/_cronjobs/azure/config-map-patch.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: credentials-sync
data:
ACR_NAME: my-registry
KUBE_SECRET: acr-my-registry # does not yet exist -- will be created in the same Namespace

11
manifests/integrations/registry-credentials-sync/_cronjobs/azure/kustomization.yaml
View File

@@ -7,14 +7,15 @@ commonLabels:
namespace: flux-system
bases:
- ../_base
resources:
- ../_base
- az-identity.yaml
patchesStrategicMerge:
- config-patches.yaml
- reconcile-patch.yaml
patches:
- path: config-map-patch.yaml
- path: azure-identity-patch.yaml
- path: token-refresh-and-identity-injection-patch.yaml
- path: reconcile-patch.yaml
vars:
- name: AZ_IDENTITY_NAME

15
manifests/integrations/registry-credentials-sync/_cronjobs/azure/token-refresh-and-identity-injection-patch.yaml Normal file
View File

@@ -0,0 +1,15 @@
# Set the reconcile period + specify the pod-identity via the aadpodidbinding label
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: credentials-sync
namespace: flux-system
spec:
schedule: 0 * * * * # ACR tokens expire every 3 hours; refresh faster than that
jobTemplate:
spec:
template:
metadata:
labels:
aadpodidbinding: $(AZ_IDENTITY_NAME) # match the AzureIdentity name