Add kustomize base

tkhq · Jun 16, 2023 · e33ac24 · e33ac24
1 parent 491c2d5
commit e33ac24
Show file tree

Hide file tree

Showing 3 changed files with 106 additions and 0 deletions.
diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
@@ -0,0 +1,43 @@
+name: Pull Request
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  kustomize_build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          path: repo
+      - name: kustomize build
+        run: |
+          env -C repo/ kustomize build ./kustomize -o ../manifests.yaml
+      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: manifests-kustomize
+          path: manifests.yaml
+          retention-days: 1
+
+  kubeconform:
+    runs-on: ubuntu-latest
+    needs:
+      - kustomize_build
+    strategy:
+      matrix:
+        kubernetes-version:
+          - 1.27.0
+      fail-fast: false
+    steps:
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: manifests-kustomize
+      - uses: docker://ghcr.io/yannh/kubeconform:v0.6.2@sha256:d49b233175b55c18d9a2af5e0b62249c3bc3bdd6161126655b4ad585c4b9b064
+        with:
+          entrypoint: '/kubeconform'
+          args: >-
+            -strict
+            -kubernetes-version="${{ matrix.kubernetes-version }}"
+            -summary manifests.yaml
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app.kubernetes.io/name: ecr-proxy
+resources:
+  - resources.yaml
+configMapGenerator:
+  - name: ecr-proxy
+    # overlay should add `account` field
+images:
+  - name: ghcr.io/tkhq/ecr-proxy
diff --git a/kustomize/resources.yaml b/kustomize/resources.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ecr-proxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ecr-proxy
+spec:
+  template:
+    spec:
+      containers:
+        - name: ecr-proxy
+          image: ghcr.io/tkhq/ecr-proxy
+          env:
+            - name: ECR_PROXY_ADDR
+              value: ":8080"
+            - name: ECR_PROXY_ACCOUNT
+              valueFrom:
+                configMapKeyRef:
+                  name: ecr-proxy
+                  key: account
+          args:
+            - -addr=$(ECR_PROXY_ADDR)
+            - -account=$(ECR_PROXY_ACCOUNT)
+            - -region=$(AWS_DEFAULT_REGION) # the AWS_DEFAULT_REGION environment variable is often added by kubernetes controllers e.g. the AWS pod identity hook
+          ports:
+            - name: http
+              containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+      serviceAccountName: ecr-proxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ecr-proxy
+spec:
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http