diff --git a/cmd/root.go b/cmd/root.go index 18080c1a..6328c8bb 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -26,11 +26,6 @@ func buildBurritoCmd(app *burrito.App) *cobra.Command { }, } - cmd.PersistentFlags().StringVar(&app.Config.Redis.Hostname, "redis-host", "burrito-redis.burrito-system", "the redis host to connect to") - cmd.PersistentFlags().IntVar(&app.Config.Redis.ServerPort, "redis-port", 6379, "the port of the redis to connect to") - cmd.PersistentFlags().StringVar(&app.Config.Redis.Password, "redis-password", "", "the redis password") - cmd.PersistentFlags().IntVar(&app.Config.Redis.Database, "redis-database", 0, "the redis database") - cmd.AddCommand(controllers.BuildControllersCmd(app)) cmd.AddCommand(runner.BuildRunnerCmd(app)) cmd.AddCommand(server.BuildServerCmd(app)) diff --git a/deploy/charts/burrito/values-example.yaml b/deploy/charts/burrito/values-example.yaml index 3bbc33c7..df541aa3 100644 --- a/deploy/charts/burrito/values-example.yaml +++ b/deploy/charts/burrito/values-example.yaml @@ -1,6 +1,3 @@ -redis: - enabled: true - global: deployment: image: diff --git a/docs/operator-manual/advanced-configuration.md b/docs/operator-manual/advanced-configuration.md index 851951b7..e057f925 100644 --- a/docs/operator-manual/advanced-configuration.md +++ b/docs/operator-manual/advanced-configuration.md @@ -1,14 +1,5 @@ # Advanced configuration -You can configure `burrito` with environment variables. - -| Environment variable | Description | Default | -| :------------------------: | :---------------------------------: | :----------------------------: | -| `BURRITO_REDIS_HOSTNAME` | the redis host to connect to | `burrito-redis.burrito-system` | -| `BURRITO_REDIS_SERVERPORT` | the port of the redis to connect to | `6379` | -| `BURRITO_REDIS_DATABASE` | the redis database to connect to | `0` | -| `BURRITO_REDIS_PASSWORD` | the redis password | (empty) | - ## Controllers' configuration | Environment variable | Description | Default | diff --git a/docs/operator-manual/architecture.md b/docs/operator-manual/architecture.md index 10cbba6c..63a6fc71 100644 --- a/docs/operator-manual/architecture.md +++ b/docs/operator-manual/architecture.md @@ -52,9 +52,6 @@ The status of a `TerraformLayer` is defined using the [conditions standards defi - `IsApplyUpToDate`. This condition is used to check if an `apply` needs to run after the last `plan`. Comparison is made by comparing a checksum of the last planned binary and a checksum last applied binary stored in the annotations. - `IsLastRelevantCommitPlanned`. This condition is used to check if a new commit has been made to the layer and need to be applied. It is evaluated by comparing the commit used for the last `plan`, the last commit which intoduced changes to the layer and the last commit made to the same branch of the repository. Those commits are "stored" as annotations. -!!! info - We use annotations to store information because we do not want to rely too heavily on the uptime of the Redis instance. - With those 3 conditions, we defined 3 states: - `Idle`. This is the state of a layer if no runner needs be started @@ -87,9 +84,6 @@ With those 5 conditions, we defined 6 states: The `TerraformRun` controller also creates and deletes the [Kubernetes leases](https://kubernetes.io/docs/concepts/architecture/leases/) to avoid concurrent use of Terraform on the same layer. -!!! info - N.B.: We use lease objects in order to not have to rely on the Redis instance for layer locking. - ### The runners The runner image implementation heavily relies on Golang libraries provided by Hashicorp such as [`tfexec`](https://github.com/hashicorp/terraform-exec) and [`hc-install`](https://github.com/hashicorp/hc-install) which allows us to dynamically download and use any version of the Terraform binary. diff --git a/docs/operator-manual/install/with-helm.md b/docs/operator-manual/install/with-helm.md index 16f3da15..3b6edd50 100644 --- a/docs/operator-manual/install/with-helm.md +++ b/docs/operator-manual/install/with-helm.md @@ -32,14 +32,6 @@ The chart's source code is available on [burrito GitHub repository](https://gith Here is an example of values file overriding some default values of burrito: ```yaml -# Example of external Redis instance -redis: - enabled: false -config: - burrito: - redis: - hostname: "custom-redis.svc.cluster.local" - tenants: # Example tenant with 1 service account having additional role bindings - namespace: diff --git a/docs/operator-manual/multi-tenant-architecture.md b/docs/operator-manual/multi-tenant-architecture.md index f6a01917..4016e8dd 100644 --- a/docs/operator-manual/multi-tenant-architecture.md +++ b/docs/operator-manual/multi-tenant-architecture.md @@ -6,7 +6,7 @@ With our [Helm chart](./install/with-helm.md) we provide a way to setup multi-te The setup is split across multiple Kubernetes namespaces: -- `burrito-system` is where burrito's components live and operate (controllers, server, Redis) +- `burrito-system` is where burrito's components live and operate (controllers, server, datastore) - the other namespaces (`tenant-namespace-[1-3]` on the schema) where `TerraformRepository`, `TerraformLayer`, `TerraformRun` and `TerraformPullRequest` resources live and where burrito spawns runner pods for Terraform `plan` and `apply` actions. Thanks to Kubernetes native RBAC system you can restrict access for your users only to the namespaces their burrito resources live. diff --git a/go.mod b/go.mod index ae1790ba..7865dc43 100644 --- a/go.mod +++ b/go.mod @@ -70,7 +70,6 @@ require ( github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.4 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/labstack/gommon v0.4.2 // indirect @@ -108,7 +107,6 @@ require ( github.com/bombsimon/logrusr/v4 v4.0.0 github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect @@ -119,7 +117,6 @@ require ( github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-playground/webhooks v5.17.0+incompatible - github.com/go-redis/redis/v8 v8.11.5 github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect diff --git a/go.sum b/go.sum index 84c165c5..7af89fbe 100644 --- a/go.sum +++ b/go.sum @@ -135,8 +135,6 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= -github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= @@ -186,8 +184,6 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-playground/webhooks v5.17.0+incompatible h1:Ea3zLJXlnlIFweIujDxdneq512xO4k9cYwAuZ3VuPJo= github.com/go-playground/webhooks v5.17.0+incompatible/go.mod h1:rMsxoY7bQzIPF9Ni55rTCyLG2af55f9IWgJ1ao3JiZA= -github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI= -github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -318,9 +314,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -365,8 +358,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= @@ -830,7 +821,6 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/internal/burrito/config/config.go b/internal/burrito/config/config.go index 07bc3f65..c830035b 100644 --- a/internal/burrito/config/config.go +++ b/internal/burrito/config/config.go @@ -15,7 +15,6 @@ type Config struct { Runner RunnerConfig `mapstructure:"runner"` Controller ControllerConfig `mapstructure:"controller"` Datastore DatastoreConfig `mapstructure:"datastore"` - Redis Redis `mapstructure:"redis"` Server ServerConfig `mapstructure:"server"` Hermitcrab HermitcrabConfig `mapstructure:"hermitcrab"` } @@ -117,13 +116,6 @@ type Layer struct { Namespace string `mapstructure:"namespace"` } -type Redis struct { - Hostname string `mapstructure:"hostname"` - ServerPort int `mapstructure:"serverPort"` - Password string `mapstructure:"password"` - Database int `mapstructure:"database"` -} - type HermitcrabConfig struct { Enabled bool `mapstructure:"enabled"` CertificateSecretName string `mapstructure:"certificateSecretName"` @@ -213,12 +205,6 @@ func bindEnvironmentVariables(v *viper.Viper, iface interface{}, parts ...string func TestConfig() *Config { return &Config{ - Redis: Redis{ - Hostname: "localhost", - ServerPort: 6379, - Password: "", - Database: 0, - }, Controller: ControllerConfig{ TerraformMaxRetries: 5, Timers: ControllerTimers{ diff --git a/internal/burrito/config/config_test.go b/internal/burrito/config/config_test.go index 7d38e9b3..752bb17e 100644 --- a/internal/burrito/config/config_test.go +++ b/internal/burrito/config/config_test.go @@ -79,12 +79,6 @@ func TestConfig_FromYamlFile(t *testing.T) { URL: "https://gitlab.example.com", }, }, - Redis: config.Redis{ - Hostname: "burrito-redis.namespace", - ServerPort: 5000, - Database: 0, - Password: "testPassword", - }, Server: config.ServerConfig{ Addr: ":9090", Webhook: config.WebhookConfig{ @@ -135,11 +129,6 @@ func TestConfig_EnvVarOverrides(t *testing.T) { setEnvVar(t, "BURRITO_RUNNER_REPOSITORY_USERNAME", "other-username", &envVarList) setEnvVar(t, "BURRITO_RUNNER_REPOSITORY_PASSWORD", "other-password", &envVarList) setEnvVar(t, "BURRITO_RUNNER_REPOSITORY_SSHPRIVATEKEY", "other-private-key", &envVarList) - // Redis - setEnvVar(t, "BURRITO_REDIS_HOSTNAME", "other-redis", &envVarList) - setEnvVar(t, "BURRITO_REDIS_SERVERPORT", "8000", &envVarList) - setEnvVar(t, "BURRITO_REDIS_DATABASE", "1", &envVarList) - setEnvVar(t, "BURRITO_REDIS_PASSWORD", "otherPassword", &envVarList) // Controller setEnvVar(t, "BURRITO_CONTROLLER_TYPES", "layer,repository", &envVarList) setEnvVar(t, "BURRITO_CONTROLLER_NAMESPACES", "default,burrito,other", &envVarList) @@ -220,12 +209,6 @@ func TestConfig_EnvVarOverrides(t *testing.T) { URL: "https://gitlab.com", }, }, - Redis: config.Redis{ - Hostname: "other-redis", - ServerPort: 8000, - Database: 1, - Password: "otherPassword", - }, Server: config.ServerConfig{ Addr: ":8090", Webhook: config.WebhookConfig{ @@ -308,11 +291,6 @@ func TestConfig_EnvVarOverrides(t *testing.T) { // URL: "https://gitlab.example.com", // }, // }, -// Redis: config.Redis{ -// URL: "burrito-redis:6379", -// Database: 0, -// Password: "testPassword", -// }, // Server: config.ServerConfig{ // Addr: ":8080", // Webhook: config.WebhookConfig{ diff --git a/internal/burrito/config/testdata/test-config-1.yaml b/internal/burrito/config/testdata/test-config-1.yaml index d8b6310e..9510f38f 100644 --- a/internal/burrito/config/testdata/test-config-1.yaml +++ b/internal/burrito/config/testdata/test-config-1.yaml @@ -35,12 +35,6 @@ controller: apiToken: "gitlab-token" url: "https://gitlab.example.com" -redis: - hostname: "burrito-redis.namespace" - serverPort: 5000 - database: 0 - password: "testPassword" - server: addr: ":9090" webhook: diff --git a/internal/controllers/terraformrun/pod.go b/internal/controllers/terraformrun/pod.go index 7f1e1f42..8e79b9fd 100644 --- a/internal/controllers/terraformrun/pod.go +++ b/internal/controllers/terraformrun/pod.go @@ -283,22 +283,6 @@ func defaultPodSpec(config *config.Config, layer *configv1alpha1.TerraformLayer, }, }, Env: []corev1.EnvVar{ - { - Name: "BURRITO_REDIS_HOSTNAME", - Value: config.Redis.Hostname, - }, - { - Name: "BURRITO_REDIS_SERVERPORT", - Value: fmt.Sprintf("%d", config.Redis.ServerPort), - }, - { - Name: "BURRITO_REDIS_PASSWORD", - Value: config.Redis.Password, - }, - { - Name: "BURRITO_REDIS_DATABASE", - Value: fmt.Sprintf("%d", config.Redis.Database), - }, { Name: "BURRITO_RUNNER_LAYER_NAME", Value: layer.Name, diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml index 93d9f73b..45cf73e4 100644 --- a/manifests/base/kustomization.yaml +++ b/manifests/base/kustomization.yaml @@ -10,5 +10,4 @@ resources: - ./controllers - ./server - ./runner - - ./redis - ./config diff --git a/manifests/base/redis/deployment.yaml b/manifests/base/redis/deployment.yaml deleted file mode 100644 index 07412d02..00000000 --- a/manifests/base/redis/deployment.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis -spec: - selector: - matchLabels: - app.kubernetes.io/name: burrito-redis - template: - metadata: - labels: - app.kubernetes.io/name: burrito-redis - spec: - containers: - - args: [] - image: redis:7.0.7-alpine - imagePullPolicy: Always - name: redis - ports: - - containerPort: 6379 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - securityContext: - runAsNonRoot: true - runAsUser: 999 - seccompProfile: - type: RuntimeDefault - serviceAccountName: burrito-redis diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml deleted file mode 100644 index 1bd8d94d..00000000 --- a/manifests/base/redis/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - serviceaccount.yaml - - deployment.yaml - - service.yaml - - rolebinding.yaml diff --git a/manifests/base/redis/rolebinding.yaml b/manifests/base/redis/rolebinding.yaml deleted file mode 100644 index ea81602a..00000000 --- a/manifests/base/redis/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: burrito-redis -subjects: - - kind: ServiceAccount - name: burrito-redis - namespace: burrito diff --git a/manifests/base/redis/service.yaml b/manifests/base/redis/service.yaml deleted file mode 100644 index 8d3a8223..00000000 --- a/manifests/base/redis/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis -spec: - ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 - selector: - app.kubernetes.io/name: burrito-redis diff --git a/manifests/base/redis/serviceaccount.yaml b/manifests/base/redis/serviceaccount.yaml deleted file mode 100644 index 9fa099ff..00000000 --- a/manifests/base/redis/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis diff --git a/manifests/install.yaml b/manifests/install.yaml index a6c659e0..3a6b5e73 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -4333,15 +4333,6 @@ metadata: --- apiVersion: v1 kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis ---- -apiVersion: v1 -kind: ServiceAccount metadata: labels: app.kubernetes.io/component: runner @@ -4634,23 +4625,6 @@ rules: - update --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: burrito-redis -subjects: -- kind: ServiceAccount - name: burrito-redis - namespace: burrito ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -4739,22 +4713,6 @@ type: Opaque --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis -spec: - ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 - selector: - app.kubernetes.io/name: burrito-redis ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/component: server @@ -4829,42 +4787,6 @@ spec: --- apiVersion: apps/v1 kind: Deployment -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: burrito-redis - app.kubernetes.io/part-of: burrito - name: burrito-redis -spec: - selector: - matchLabels: - app.kubernetes.io/name: burrito-redis - template: - metadata: - labels: - app.kubernetes.io/name: burrito-redis - spec: - containers: - - args: [] - image: redis:7.0.7-alpine - imagePullPolicy: Always - name: redis - ports: - - containerPort: 6379 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - securityContext: - runAsNonRoot: true - runAsUser: 999 - seccompProfile: - type: RuntimeDefault - serviceAccountName: burrito-redis ---- -apiVersion: apps/v1 -kind: Deployment metadata: labels: app.kubernetes.io/component: server