Skip to content

Commit 73b951d

Browse files
authored
Merge pull request #469 from kubefirst/feat-ecr-sync
feat: ecr token sync
2 parents 78edbef + 78cd336 commit 73b951d

File tree

63 files changed

+1929
-1737
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

63 files changed

+1929
-1737
lines changed

aws-github/cluster-types/mgmt/components/actions-runner-controller/wait.yaml

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,15 @@ metadata:
1010
name: k8s-toolkit-arc
1111
namespace: github-runner
1212
rules:
13-
- apiGroups:
14-
- apps
15-
resources:
16-
- deployments
17-
- statefulsets
18-
verbs:
19-
- get
20-
- watch
21-
- list
13+
- apiGroups:
14+
- apps
15+
resources:
16+
- deployments
17+
- statefulsets
18+
verbs:
19+
- get
20+
- watch
21+
- list
2222
---
2323
apiVersion: rbac.authorization.k8s.io/v1
2424
kind: RoleBinding
@@ -30,30 +30,30 @@ roleRef:
3030
kind: Role
3131
name: k8s-toolkit-arc
3232
subjects:
33-
- kind: ServiceAccount
34-
name: k8s-toolkit-arc
35-
namespace: github-runner
33+
- kind: ServiceAccount
34+
name: k8s-toolkit-arc
35+
namespace: github-runner
3636
---
3737
apiVersion: batch/v1
3838
kind: Job
3939
metadata:
4040
annotations:
41-
argocd.argoproj.io/sync-wave: "20"
41+
argocd.argoproj.io/sync-wave: '20'
4242
name: wait-actions-runner-controller
4343
namespace: github-runner
4444
spec:
4545
template:
4646
spec:
4747
containers:
48-
- args:
49-
- wait-for
50-
- deployment
51-
- --namespace
52-
- github-runner
53-
- --label
54-
- app.kubernetes.io/name=actions-runner-controller
55-
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.7
56-
imagePullPolicy: IfNotPresent
57-
name: wait
48+
- args:
49+
- wait-for
50+
- deployment
51+
- --namespace
52+
- github-runner
53+
- --label
54+
- app.kubernetes.io/name=actions-runner-controller
55+
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.8
56+
imagePullPolicy: IfNotPresent
57+
name: wait
5858
restartPolicy: OnFailure
59-
serviceAccountName: k8s-toolkit-arc
59+
serviceAccountName: k8s-toolkit-arc
Lines changed: 78 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,78 @@
1+
---
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: ecr-publish-permissions-sync
6+
namespace: argo
7+
annotations:
8+
eks.amazonaws.com/role-arn: 'arn:aws:iam::<AWS_ACCOUNT_ID>:role/ecr-publish-permissions-sync-<CLUSTER_NAME>'
9+
---
10+
apiVersion: rbac.authorization.k8s.io/v1
11+
kind: Role
12+
metadata:
13+
name: ecr-publish-permissions-sync
14+
namespace: argo
15+
rules:
16+
- apiGroups:
17+
- apps
18+
resources:
19+
- deployments
20+
- statefulsets
21+
verbs:
22+
- get
23+
- watch
24+
- list
25+
- apiGroups:
26+
- ''
27+
resources:
28+
- secrets
29+
verbs:
30+
- get
31+
- watch
32+
- list
33+
- update
34+
- create
35+
- delete
36+
---
37+
apiVersion: rbac.authorization.k8s.io/v1
38+
kind: RoleBinding
39+
metadata:
40+
name: ecr-publish-permissions-sync
41+
namespace: argo
42+
roleRef:
43+
apiGroup: rbac.authorization.k8s.io
44+
kind: Role
45+
name: ecr-publish-permissions-sync
46+
subjects:
47+
- kind: ServiceAccount
48+
name: ecr-publish-permissions-sync
49+
namespace: argo
50+
---
51+
apiVersion: batch/v1
52+
kind: CronJob
53+
metadata:
54+
annotations:
55+
argocd.argoproj.io/sync-wave: '20'
56+
name: ecr-publish-permissions-sync
57+
namespace: argo
58+
spec:
59+
# Run every 6 hours.
60+
schedule: '0 */6 * * *'
61+
jobTemplate:
62+
spec:
63+
template:
64+
spec:
65+
serviceAccountName: ecr-publish-permissions-sync
66+
restartPolicy: OnFailure
67+
containers:
68+
- name: ecr-publish-permissions-sync
69+
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.8
70+
imagePullPolicy: IfNotPresent
71+
args:
72+
- sync-ecr-token
73+
- --namespace
74+
- argo
75+
- --region
76+
- <CLOUD_REGION>
77+
- --registry-url
78+
- <CONTAINER_REGISTRY_URL>

aws-github/cluster-types/mgmt/components/argo-workflows/wait.yaml

Lines changed: 34 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,15 @@ metadata:
1010
name: k8s-toolkit-argo
1111
namespace: argo
1212
rules:
13-
- apiGroups:
14-
- apps
15-
resources:
16-
- deployments
17-
- statefulsets
18-
verbs:
19-
- get
20-
- watch
21-
- list
13+
- apiGroups:
14+
- apps
15+
resources:
16+
- deployments
17+
- statefulsets
18+
verbs:
19+
- get
20+
- watch
21+
- list
2222
---
2323
apiVersion: rbac.authorization.k8s.io/v1
2424
kind: RoleBinding
@@ -30,55 +30,55 @@ roleRef:
3030
kind: Role
3131
name: k8s-toolkit-argo
3232
subjects:
33-
- kind: ServiceAccount
34-
name: k8s-toolkit-argo
35-
namespace: argo
33+
- kind: ServiceAccount
34+
name: k8s-toolkit-argo
35+
namespace: argo
3636
---
3737
apiVersion: batch/v1
3838
kind: Job
3939
metadata:
4040
annotations:
41-
argocd.argoproj.io/sync-wave: "20"
41+
argocd.argoproj.io/sync-wave: '20'
4242
name: wait-argo-workflow-controller
4343
namespace: argo
4444
spec:
4545
template:
4646
spec:
4747
containers:
48-
- args:
49-
- wait-for
50-
- deployment
51-
- --namespace
52-
- argo
53-
- --label
54-
- app.kubernetes.io/name=argo-workflow-controller
55-
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.7
56-
imagePullPolicy: IfNotPresent
57-
name: wait
48+
- args:
49+
- wait-for
50+
- deployment
51+
- --namespace
52+
- argo
53+
- --label
54+
- app.kubernetes.io/name=argo-workflow-controller
55+
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.8
56+
imagePullPolicy: IfNotPresent
57+
name: wait
5858
restartPolicy: OnFailure
5959
serviceAccountName: k8s-toolkit-argo
6060
---
6161
apiVersion: batch/v1
6262
kind: Job
6363
metadata:
6464
annotations:
65-
argocd.argoproj.io/sync-wave: "20"
65+
argocd.argoproj.io/sync-wave: '20'
6666
name: wait-argo-server
6767
namespace: argo
6868
spec:
6969
backoffLimit: 10
7070
template:
7171
spec:
7272
containers:
73-
- args:
74-
- wait-for
75-
- deployment
76-
- --namespace
77-
- argo
78-
- --label
79-
- app.kubernetes.io/name=argo-server
80-
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.7
81-
imagePullPolicy: IfNotPresent
82-
name: wait
73+
- args:
74+
- wait-for
75+
- deployment
76+
- --namespace
77+
- argo
78+
- --label
79+
- app.kubernetes.io/name=argo-server
80+
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.8
81+
imagePullPolicy: IfNotPresent
82+
name: wait
8383
restartPolicy: OnFailure
8484
serviceAccountName: k8s-toolkit-argo

aws-github/cluster-types/mgmt/components/atlantis/wait.yaml

Lines changed: 23 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,15 @@ metadata:
1010
name: k8s-toolkit-atlantis
1111
namespace: atlantis
1212
rules:
13-
- apiGroups:
14-
- apps
15-
resources:
16-
- deployments
17-
- statefulsets
18-
verbs:
19-
- get
20-
- watch
21-
- list
13+
- apiGroups:
14+
- apps
15+
resources:
16+
- deployments
17+
- statefulsets
18+
verbs:
19+
- get
20+
- watch
21+
- list
2222
---
2323
apiVersion: rbac.authorization.k8s.io/v1
2424
kind: RoleBinding
@@ -30,30 +30,30 @@ roleRef:
3030
kind: Role
3131
name: k8s-toolkit-atlantis
3232
subjects:
33-
- kind: ServiceAccount
34-
name: k8s-toolkit-atlantis
35-
namespace: atlantis
33+
- kind: ServiceAccount
34+
name: k8s-toolkit-atlantis
35+
namespace: atlantis
3636
---
3737
apiVersion: batch/v1
3838
kind: Job
3939
metadata:
4040
annotations:
41-
argocd.argoproj.io/sync-wave: "20"
41+
argocd.argoproj.io/sync-wave: '20'
4242
name: wait-atlantis
4343
namespace: atlantis
4444
spec:
4545
template:
4646
spec:
4747
containers:
48-
- args:
49-
- wait-for
50-
- statefulset
51-
- --namespace
52-
- atlantis
53-
- --label
54-
- app=atlantis
55-
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.7
56-
imagePullPolicy: IfNotPresent
57-
name: wait
48+
- args:
49+
- wait-for
50+
- statefulset
51+
- --namespace
52+
- atlantis
53+
- --label
54+
- app=atlantis
55+
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.8
56+
imagePullPolicy: IfNotPresent
57+
name: wait
5858
restartPolicy: OnFailure
5959
serviceAccountName: k8s-toolkit-atlantis

aws-github/cluster-types/mgmt/components/chartmuseum/wait.yaml

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,15 @@ metadata:
1010
name: k8s-toolkit-chartmuseum
1111
namespace: chartmuseum
1212
rules:
13-
- apiGroups:
14-
- apps
15-
resources:
16-
- deployments
17-
- statefulsets
18-
verbs:
19-
- get
20-
- watch
21-
- list
13+
- apiGroups:
14+
- apps
15+
resources:
16+
- deployments
17+
- statefulsets
18+
verbs:
19+
- get
20+
- watch
21+
- list
2222
---
2323
apiVersion: rbac.authorization.k8s.io/v1
2424
kind: RoleBinding
@@ -30,30 +30,30 @@ roleRef:
3030
kind: Role
3131
name: k8s-toolkit-chartmuseum
3232
subjects:
33-
- kind: ServiceAccount
34-
name: k8s-toolkit-chartmuseum
35-
namespace: chartmuseum
33+
- kind: ServiceAccount
34+
name: k8s-toolkit-chartmuseum
35+
namespace: chartmuseum
3636
---
3737
apiVersion: batch/v1
3838
kind: Job
3939
metadata:
4040
annotations:
41-
argocd.argoproj.io/sync-wave: "20"
41+
argocd.argoproj.io/sync-wave: '20'
4242
name: wait-chartmuseum
4343
namespace: chartmuseum
4444
spec:
4545
template:
4646
spec:
4747
containers:
48-
- args:
49-
- wait-for
50-
- deployment
51-
- --namespace
52-
- chartmuseum
53-
- --label
54-
- app.kubernetes.io/name=chartmuseum
55-
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.7
56-
imagePullPolicy: IfNotPresent
57-
name: wait
48+
- args:
49+
- wait-for
50+
- deployment
51+
- --namespace
52+
- chartmuseum
53+
- --label
54+
- app.kubernetes.io/name=chartmuseum
55+
image: public.ecr.aws/kubefirst/kubernetes-toolkit:0.0.8
56+
imagePullPolicy: IfNotPresent
57+
name: wait
5858
restartPolicy: OnFailure
59-
serviceAccountName: k8s-toolkit-chartmuseum
59+
serviceAccountName: k8s-toolkit-chartmuseum

0 commit comments

Comments
 (0)