Last active
November 9, 2025 06:04
-
-
Save maazghani/fd1d0cdb486204e0d5fb91fab20aa623 to your computer and use it in GitHub Desktop.
ephemeralapp-operator-install.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| control-plane: controller-manager | |
| name: ephemeralapp-operator-system | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| controller-gen.kubebuilder.io/version: v0.14.0 | |
| name: ephemeralapps.apps.example.io | |
| spec: | |
| group: apps.example.io | |
| names: | |
| kind: EphemeralApp | |
| listKind: EphemeralAppList | |
| plural: ephemeralapps | |
| singular: ephemeralapp | |
| scope: Namespaced | |
| versions: | |
| - name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: EphemeralApp is the Schema for the ephemeralapps API | |
| properties: | |
| apiVersion: | |
| description: |- | |
| APIVersion defines the versioned schema of this representation of an object. | |
| Servers should convert recognized schemas to the latest internal value, and | |
| may reject unrecognized values. | |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
| type: string | |
| kind: | |
| description: |- | |
| Kind is a string value representing the REST resource this object represents. | |
| Servers may infer this from the endpoint the client submits requests to. | |
| Cannot be updated. | |
| In CamelCase. | |
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: EphemeralAppSpec defines the desired state of EphemeralApp | |
| properties: | |
| image: | |
| description: '"image" is the container image to run' | |
| type: string | |
| replicas: | |
| description: '"replicas" is the number of desired pods' | |
| format: int32 | |
| type: integer | |
| required: | |
| - image | |
| - replicas | |
| type: object | |
| status: | |
| description: EphemeralAppStatus defines the current state of EphemeralApp | |
| properties: | |
| conditions: | |
| description: '"Conditions" represent the latest available observations | |
| of the EphemeralApp''s state' | |
| items: | |
| description: "Condition contains details for one aspect of the current | |
| state of this API Resource.\n---\nThis struct is intended for | |
| direct use as an array at the field path .status.conditions. For | |
| example,\n\n\n\ttype FooStatus struct{\n\t // Represents the | |
| observations of a foo's current state.\n\t // Known .status.conditions.type | |
| are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // | |
| +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t | |
| \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" | |
| patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t | |
| \ // other fields\n\t}" | |
| properties: | |
| lastTransitionTime: | |
| description: |- | |
| lastTransitionTime is the last time the condition transitioned from one status to another. | |
| This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | |
| format: date-time | |
| type: string | |
| message: | |
| description: |- | |
| message is a human readable message indicating details about the transition. | |
| This may be an empty string. | |
| maxLength: 32768 | |
| type: string | |
| observedGeneration: | |
| description: |- | |
| observedGeneration represents the .metadata.generation that the condition was set based upon. | |
| For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date | |
| with respect to the current state of the instance. | |
| format: int64 | |
| minimum: 0 | |
| type: integer | |
| reason: | |
| description: |- | |
| reason contains a programmatic identifier indicating the reason for the condition's last transition. | |
| Producers of specific condition types may define expected values and meanings for this field, | |
| and whether the values are considered a guaranteed API. | |
| The value should be a CamelCase string. | |
| This field may not be empty. | |
| maxLength: 1024 | |
| minLength: 1 | |
| pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ | |
| type: string | |
| status: | |
| description: status of the condition, one of True, False, Unknown. | |
| enum: | |
| - "True" | |
| - "False" | |
| - Unknown | |
| type: string | |
| type: | |
| description: |- | |
| type of condition in CamelCase or in foo.example.com/CamelCase. | |
| --- | |
| Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be | |
| useful (see .node.status.conditions), the ability to deconflict is important. | |
| The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) | |
| maxLength: 316 | |
| pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ | |
| type: string | |
| required: | |
| - lastTransitionTime | |
| - message | |
| - reason | |
| - status | |
| - type | |
| type: object | |
| type: array | |
| ready: | |
| description: '"Ready" indicates whether the app is ready' | |
| type: boolean | |
| required: | |
| - ready | |
| type: object | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-controller-manager | |
| namespace: ephemeralapp-operator-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-leader-election-role | |
| namespace: ephemeralapp-operator-system | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resources: | |
| - leases | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-ephemeralapp-editor-role | |
| rules: | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps/status | |
| verbs: | |
| - get | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-ephemeralapp-viewer-role | |
| rules: | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps/status | |
| verbs: | |
| - get | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: ephemeralapp-operator-manager-role | |
| rules: | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps/finalizers | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - apps.example.io | |
| resources: | |
| - ephemeralapps/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-metrics-reader | |
| rules: | |
| - nonResourceURLs: | |
| - /metrics | |
| verbs: | |
| - get | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-proxy-role | |
| rules: | |
| - apiGroups: | |
| - authentication.k8s.io | |
| resources: | |
| - tokenreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - authorization.k8s.io | |
| resources: | |
| - subjectaccessreviews | |
| verbs: | |
| - create | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-leader-election-rolebinding | |
| namespace: ephemeralapp-operator-system | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: ephemeralapp-operator-leader-election-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ephemeralapp-operator-controller-manager | |
| namespace: ephemeralapp-operator-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-manager-rolebinding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ephemeralapp-operator-manager-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ephemeralapp-operator-controller-manager | |
| namespace: ephemeralapp-operator-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| name: ephemeralapp-operator-proxy-rolebinding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ephemeralapp-operator-proxy-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ephemeralapp-operator-controller-manager | |
| namespace: ephemeralapp-operator-system | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| control-plane: controller-manager | |
| name: ephemeralapp-operator-controller-manager-metrics-service | |
| namespace: ephemeralapp-operator-system | |
| spec: | |
| ports: | |
| - name: https | |
| port: 8443 | |
| protocol: TCP | |
| targetPort: https | |
| selector: | |
| control-plane: controller-manager | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: ephemeralapp-operator | |
| control-plane: controller-manager | |
| name: ephemeralapp-operator-controller-manager | |
| namespace: ephemeralapp-operator-system | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| control-plane: controller-manager | |
| template: | |
| metadata: | |
| annotations: | |
| kubectl.kubernetes.io/default-container: manager | |
| labels: | |
| control-plane: controller-manager | |
| spec: | |
| containers: | |
| - args: | |
| - --secure-listen-address=0.0.0.0:8443 | |
| - --upstream=http://127.0.0.1:8080/ | |
| - --logtostderr=true | |
| - --v=0 | |
| image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 | |
| name: kube-rbac-proxy | |
| ports: | |
| - containerPort: 8443 | |
| name: https | |
| protocol: TCP | |
| resources: | |
| limits: | |
| cpu: 500m | |
| memory: 128Mi | |
| requests: | |
| cpu: 5m | |
| memory: 64Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - ALL | |
| - args: | |
| - --health-probe-bind-address=:8081 | |
| - --metrics-bind-address=127.0.0.1:8080 | |
| - --leader-elect | |
| command: | |
| - /manager | |
| image: maazghani/ephemeralapp-operator:latest | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 8081 | |
| initialDelaySeconds: 15 | |
| periodSeconds: 20 | |
| name: manager | |
| readinessProbe: | |
| httpGet: | |
| path: /readyz | |
| port: 8081 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| resources: | |
| limits: | |
| cpu: 500m | |
| memory: 128Mi | |
| requests: | |
| cpu: 10m | |
| memory: 64Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| capabilities: | |
| drop: | |
| - ALL | |
| securityContext: | |
| runAsNonRoot: true | |
| serviceAccountName: ephemeralapp-operator-controller-manager | |
| terminationGracePeriodSeconds: 10 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment