k8s-apps/kubevirt/kubevirt-manager.yaml
2026-04-07 10:24:58 +00:00


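# Identity used by the kubevirt-manager pod. Everything this account may do
# is defined by the ClusterRole / ClusterRoleBinding of the same name.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubevirt-manager
  namespace: kubevirt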
---
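# Permissions for the kubevirt-manager web UI.
#
# NOTE(review): this role is attached with a ClusterRoleBinding, so every rule
# below applies in ALL namespaces, not only `kubevirt`. Several rules use
# verbs ["*"] on sensitive core resources; anyone who can drive the UI (or
# obtain the pod's ServiceAccount token) inherits these rights. Confirm which
# verbs the UI really needs and, where possible, move namespaced resources
# into a Role/RoleBinding limited to the namespaces that host VMs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubevirt-manager
rules:
  # Read-only inventory of cluster objects.
  - apiGroups: [""]
    resources: ["nodes", "namespaces", "pods"]
    verbs: ["get", "list"]
  # Pod logs can contain application secrets; read access is cluster-wide.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list"]
  # Full lifecycle control of VMs, VMIs and migrations.
  - apiGroups: ["kubevirt.io"]
    resources:
      - "virtualmachines"
      - "virtualmachineinstances"
      - "virtualmachineinstancemigrations"
    verbs: ["*"]
  # Wildcard over all KubeVirt subresources of this API group.
  - apiGroups: ["subresources.kubevirt.io"]
    resources: ["*"]
    verbs: ["get", "list", "update", "patch"]
  - apiGroups: ["instancetype.kubevirt.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["cdi.kubevirt.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["pool.kubevirt.io"]
    resources: ["*"]
    verbs: ["*"]
  # NOTE(review): highest-risk rule in this role. verbs ["*"] on `secrets`
  # means read AND write access to every Secret in every namespace (TLS keys,
  # registry credentials, token Secrets). Prefer explicit verbs and a
  # namespaced Role; grant `secrets` only if the UI demonstrably needs it.
  - apiGroups: [""]
    resources:
      - "persistentvolumeclaims"
      - "persistentvolumes"
      - "services"
      - "secrets"
      - "serviceaccounts"
      - "configmaps"
    verbs: ["*"]
  # NOTE(review): cluster-wide write access to Deployments allows running
  # arbitrary workloads in any namespace under that namespace's service
  # accounts; treat this as a privilege-escalation path and scope it down.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["*"]
  # Write access here lets the holder remove NetworkPolicies and publish
  # Services through new Ingresses in any namespace.
  - apiGroups: ["networking.k8s.io"]
    resources: ["networkpolicies", "ingresses"]
    verbs: ["*"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list"]
  # Snapshots use an explicit verb list instead of "*".
  - apiGroups: ["snapshot.kubevirt.io"]
    resources:
      - "virtualmachinesnapshots"
      - "virtualmachinesnapshotcontents"
      - "virtualmachinerestores"
    verbs: ["get", "list", "watch", "create", "delete"]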
---
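# Grants the kubevirt-manager ClusterRole to the pod's ServiceAccount.
# Because this is a ClusterRoleBinding (not a namespaced RoleBinding), the
# namespaced rules in the role take effect in every namespace of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubevirt-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-manager
subjects:
  - kind: ServiceAccount
    name: kubevirt-manager
    namespace: kubevirt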
---
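# Runs the kubevirt-manager UI (nginx-based, per the mounted /etc/nginx paths)
# under the kubevirt-manager ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubevirt-manager
  namespace: kubevirt
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubevirt-manager
  template:
    metadata:
      labels:
        app: kubevirt-manager
    spec:
      # The pod's API token carries the cluster-wide rights of this account.
      serviceAccountName: kubevirt-manager
      containers:
        - name: kubevirt-manager
          # Tags are mutable; pinning by digest
          # (kubevirtmanager/kubevirt-manager@sha256:<digest>) guarantees the
          # reviewed image is the one that runs.
          image: kubevirtmanager/kubevirt-manager:v1.5.4
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            # Enforce the non-root UID below even if the image changes.
            runAsNonRoot: true
            runAsUser: 10000
            runAsGroup: 30000
            # An unprivileged process on port 8080 needs no capabilities.
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            # Writable scratch space required because the root FS is read-only.
            - name: cache-volume
              mountPath: /var/cache/nginx
            - name: run-volume
              mountPath: /var/run
            - name: oauth-config
              mountPath: /etc/nginx/oauth.d/
            - name: auth-config
              mountPath: /etc/nginx/auth.d/
            - name: auth-secret
              mountPath: /etc/nginx/secret.d/
            - name: prometheus-config
              mountPath: /etc/nginx/location.d/
      volumes:
        - name: cache-volume
          emptyDir: {}
        - name: run-volume
          emptyDir: {}
        # NOTE(review): the three auth-related sources below are
        # `optional: true`, so the pod starts even when none of them exist.
        # Confirm whether the UI is then served without authentication; this
        # manifest also publishes it through an Ingress. If login must be
        # enforced, make the relevant source non-optional so a missing
        # object blocks the rollout instead of silently disabling auth.
        - name: oauth-config
          configMap:
            name: oauth-config
            optional: true
        - name: auth-config
          configMap:
            name: auth-config
            optional: true
        - name: auth-secret
          secret:
            secretName: auth-secret
            optional: true
        - name: prometheus-config
          configMap:
            name: prometheus-config
            optional: true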
---
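# In-cluster endpoint for the UI. ClusterIP keeps it off node ports; external
# reachability comes only from the Ingress that targets this Service.
apiVersion: v1
kind: Service
metadata:
  name: kubevirt-manager
  namespace: kubevirt
spec:
  type: ClusterIP
  selector:
    app: kubevirt-manager
  ports:
    - port: 8080
      targetPort: 8080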
---
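# Publishes the UI over HTTPS on kubevirt.apps.undercloud.dev.
#
# NOTE(review): no authentication or source-address restriction is configured
# at this layer. Access control rests entirely on the nginx auth config inside
# the pod, whose ConfigMaps/Secret are optional in the Deployment. Given the
# cluster-wide rights of the backing ServiceAccount, confirm that login is
# enforced before exposing this host, and consider an allow-list or external
# auth at the ingress controller as a second layer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubevirt-manager
  namespace: kubevirt
  annotations:
    # Deprecated selector; `spec.ingressClassName` is the current field.
    # Kept as-is because controller behaviour for this cluster is not visible.
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    # One-hour timeouts; presumably for long-lived console sessions.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
    # Plain-HTTP requests are redirected to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - kubevirt.apps.undercloud.dev
      secretName: kubevirt-manager-tls
  rules:
    - host: kubevirt.apps.undercloud.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubevirt-manager
                port:
                  number: 8080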