--- apiVersion: v1 kind: Namespace metadata: name: "keel" --- apiVersion: v1 kind: ServiceAccount metadata: name: keel namespace: "keel" labels: app: keel --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: keel rules: - apiGroups: - "" resources: - namespaces verbs: - watch - list - apiGroups: - "" resources: - secrets verbs: - get - watch - list - apiGroups: - "" - extensions - apps - batch resources: - pods - replicasets - replicationcontrollers - statefulsets - deployments - daemonsets - jobs - cronjobs verbs: - get - delete # required to delete pods during force upgrade of the same tag - watch - list - update - apiGroups: - "" resources: - configmaps - pods/portforward verbs: - get - create - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: keel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: keel subjects: - kind: ServiceAccount name: keel namespace: "keel" --- apiVersion: v1 kind: Service metadata: name: keel namespace: "keel" labels: app: keel spec: type: LoadBalancer ports: - port: 9300 targetPort: 9300 protocol: TCP name: keel selector: app: keel sessionAffinity: None --- apiVersion: apps/v1 kind: Deployment metadata: name: keel namespace: "keel" labels: app: keel spec: replicas: 1 selector: matchLabels: app: keel template: metadata: labels: app: keel spec: serviceAccountName: keel containers: - name: keel # Note that we use appVersion to get images tag. image: "keelhq/keel:latest" imagePullPolicy: Always command: ["/bin/keel"] env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace # Enable GCR with pub/sub support - name: PROJECT_ID value: "" - name: PUBSUB value: "" # Set to '1' or 'true' to enable GCR pubsub # Basic auth (to enable UI/API) - name: BASIC_AUTH_USER value: j00lz - name: BASIC_AUTH_PASSWORD value: admin - name: AUTHENTICATED_WEBHOOKS value: "false" # Helm configuration # Enable AWS ECR - name: AWS_ACCESS_KEY_ID value: "" - name: AWS_SECRET_ACCESS_KEY value: "" - name: AWS_REGION value: "" # Enable webhook endpoint - name: WEBHOOK_ENDPOINT value: "" # Enable mattermost endpoint - name: MATTERMOST_ENDPOINT value: "" # Enable MS Teams webhook endpoint - name: TEAMS_WEBHOOK_URL value: "" - name: SLACK_TOKEN value: "" - name: SLACK_CHANNELS value: "general" - name: SLACK_APPROVALS_CHANNEL value: "general" - name: SLACK_BOT_NAME value: "keel" # Enable hipchat approvials and notification - name: HIPCHAT_TOKEN value: "" - name: HIPCHAT_CHANNELS value: "" - name: HIPCHAT_APPROVALS_CHANNEL value: "" - name: HIPCHAT_APPROVALS_BOT_NAME value: "" - name: HIPCHAT_APPROVALS_USER_NAME value: "" - name: HIPCHAT_APPROVALS_PASSWORT value: "" - name: NOTIFICATION_LEVEL value: "info" # Enable insecure registries - name: INSECURE_REGISTRY value: "false" ports: - containerPort: 9300 livenessProbe: httpGet: path: /healthz port: 9300 initialDelaySeconds: 30 timeoutSeconds: 10 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 50m memory: 64Mi --- # Source: keel/templates/pod-disruption-budget.yaml apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: keel namespace: "keel" spec: maxUnavailable: 1 selector: matchLabels: app: keel