From 6cd1b35be01eff10ac8e81a289bedf8dbf1f4bf2 Mon Sep 17 00:00:00 2001 From: Sheogorath <sheogorath@shivering-isles.com> Date: Mon, 29 Jan 2024 02:05:29 +0100 Subject: [PATCH] feat(findmydevice): Move to new kustomize-optimised config --- apps/base/findmydevice/kustomization.yaml | 13 +++++++++-- apps/base/findmydevice/namespace.yaml | 27 ---------------------- apps/base/findmydevice/networkpolicy.yaml | 18 --------------- apps/base/findmydevice/release.yaml | 1 - apps/k8s01/findmydevice/kustomization.yaml | 5 ++++ 5 files changed, 16 insertions(+), 48 deletions(-) delete mode 100644 apps/base/findmydevice/networkpolicy.yaml diff --git a/apps/base/findmydevice/kustomization.yaml b/apps/base/findmydevice/kustomization.yaml index 6d27f7d89..3a52936b8 100644 --- a/apps/base/findmydevice/kustomization.yaml +++ b/apps/base/findmydevice/kustomization.yaml @@ -1,11 +1,20 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: findmydevice + +commonLabels: + app.kubernetes.io/name: findmydevice + +buildMetadata: + - originAnnotations + resources: - namespace.yaml - release.yaml - ../../../shared/networkpolicies/allow-from-same-namespace.yaml - ../../../shared/networkpolicies/allow-from-ingress.yaml - ../../../shared/networkpolicies/allow-from-monitoring.yaml -patchesStrategicMerge: - - networkpolicy.yaml + +components: + - ../../../shared/components/flux-namespace-admin + - ../../../shared/components/namespace-baseline diff --git a/apps/base/findmydevice/namespace.yaml b/apps/base/findmydevice/namespace.yaml index 0ccfe62ed..b4df4036f 100644 --- a/apps/base/findmydevice/namespace.yaml +++ b/apps/base/findmydevice/namespace.yaml @@ -2,30 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: findmydevice - labels: - pod-security.kubernetes.io/audit: restricted - pod-security.kubernetes.io/enforce: baseline - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/audit-version: v1.26 - pod-security.kubernetes.io/enforce-version: v1.23 - pod-security.kubernetes.io/warn-version: v1.26 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: flux-reconciler - namespace: findmydevice ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: flux-reconciler - namespace: findmydevice -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin -subjects: - - kind: ServiceAccount - name: flux-reconciler - namespace: findmydevice diff --git a/apps/base/findmydevice/networkpolicy.yaml b/apps/base/findmydevice/networkpolicy.yaml deleted file mode 100644 index abebf0d7c..000000000 --- a/apps/base/findmydevice/networkpolicy.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-ingress -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: findmydevice ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-monitoring -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: findmydevice diff --git a/apps/base/findmydevice/release.yaml b/apps/base/findmydevice/release.yaml index 802be0cf7..09bf1f42e 100644 --- a/apps/base/findmydevice/release.yaml +++ b/apps/base/findmydevice/release.yaml @@ -4,7 +4,6 @@ metadata: name: findmydevice namespace: findmydevice spec: - serviceAccountName: flux-reconciler timeout: 15m releaseName: fmd chart: diff --git a/apps/k8s01/findmydevice/kustomization.yaml b/apps/k8s01/findmydevice/kustomization.yaml index 098f30fbd..2cce610d4 100644 --- a/apps/k8s01/findmydevice/kustomization.yaml +++ b/apps/k8s01/findmydevice/kustomization.yaml @@ -1,6 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: findmydevice + +commonLabels: + app.kubernetes.io/name: findmydevice + app.kubernetes.io/instance: findmydevice + resources: - ../../base/findmydevice - certificate.yaml -- GitLab