
Commit e0dcd85

committed
chore(integrations/registry): remove deprecated kustomize features
Signed-off-by: Artem <[email protected]>
1 parent 659ce79 commit e0dcd85

34 files changed

+242
-218
lines changed

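--- a/manifests/integrations/registry-credentials-sync/_base/kustomization.yaml
+++ b/manifests/integrations/registry-credentials-sync/_base/kustomization.yaml
@@ -7,8 +7,8 @@ commonLabels:
 resources:
 - sync.yaml
 
-patchesStrategicMerge:
-- kubectl-patch.yaml
+patches:
+- path: kubectl-patch.yaml
 
 vars:
 - name: KUBE_SECRET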

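--- a/manifests/integrations/registry-credentials-sync/_base/sync.yaml
+++ b/manifests/integrations/registry-credentials-sync/_base/sync.yaml
@@ -101,9 +101,9 @@ rules:
 - create
 - update
 - patch
-# # Lock this down to the specific Secret name (Optional)
-#resourceNames:
-#- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
+# Lock this down to the specific Secret name (Optional)
+resourceNames:
+- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1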
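Review bot: With `resourceNames` now active on the rule that ends at new line 106, the `create` verb listed just above it can no longer be granted, because Kubernetes RBAC cannot restrict create requests by resource name (the object name is not known at authorization time). The ConfigMap added in this commit says the `ecr-credentials` Secret "does not yet exist" and will be created by the job, so the first sync would presumably be denied. Keep the name lock for update/patch and move create into its own rule without `resourceNames`, e.g. `- apiGroups: [""]`, `resources: ["secrets"]`, `verbs: ["create"]`, assuming this rule targets Secrets as its comment suggests. The rule begins above the hunk, so its apiGroups and resources are not visible here.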

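--- a/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kustomization.yaml
+++ b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/kustomization.yaml
@@ -7,8 +7,8 @@ commonLabels:
 resources:
 - sync.yaml
 
-patchesStrategicMerge:
-- kubectl-patch.yaml
+patches:
+- path: kubectl-patch.yaml
 
 vars:
 - name: KUBE_SECRET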
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
# Bind IRSA for the ServiceAccount
2+
---
3+
apiVersion: v1
4+
kind: ServiceAccount
5+
metadata:
6+
name: credentials-sync
7+
namespace: flux-system
8+
annotations:
9+
eks.amazonaws.com/role-arn: <role arn> # set the ARN for your role
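Review bot: The comment on the `eks.amazonaws.com/role-arn` annotation (new line 9) tells the reader to set the ARN but says nothing about how the role should be scoped, and with IRSA the role's trust policy is what decides which ServiceAccounts may assume it. I would extend the header comment with something like `# The role's trust policy should limit the OIDC "sub" claim to system:serviceaccount:flux-system:credentials-sync`. The file name for this section is not shown on the page; the aws kustomization later in the commit suggests it is bind-irsa-patch.yaml.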
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
---
2+
apiVersion: v1
3+
kind: ConfigMap
4+
metadata:
5+
name: credentials-sync
6+
data:
7+
ECR_REGION: us-east-1 # set the region
8+
ECR_REGISTRY: <account id>.dkr.ecr.<region>.amazonaws.com # fill in the account id and region
9+
KUBE_SECRET: ecr-credentials # does not yet exist -- will be created in the same Namespace

manifests/integrations/registry-credentials-sync/_cronjobs/aws/config-patches.yaml

Lines changed: 0 additions & 52 deletions
This file was deleted.
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
# If not using IRSA, set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
2+
# Store these values in a Secret and load them in the container using envFrom.
3+
# For managing this secret via GitOps, consider using SOPS or SealedSecrets and add that manifest in a resource file for this kustomize build.
4+
# https://fluxcd.io/docs/guides/mozilla-sops/
5+
# https://fluxcd.io/docs/guides/sealed-secrets/
6+
---
7+
apiVersion: batch/v1beta1
8+
kind: CronJob
9+
metadata:
10+
name: credentials-sync
11+
namespace: flux-system
12+
spec:
13+
jobTemplate:
14+
spec:
15+
template:
16+
spec:
17+
containers:
18+
- name: sync
19+
envFrom:
20+
- secretRef:
21+
name: $(ECR_SECRET_NAME) # uncomment the var for this in kustomization.yaml
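Review bot: `apiVersion: batch/v1beta1` on new line 7 is the CronJob API version that Kubernetes removed in v1.25, so this newly added patch carries a deprecated version in a commit meant to remove deprecated features; the reconcile-period patch added in the next section uses it as well. `batch/v1` has served CronJob since v1.21. The version in a patch has to agree with the CronJob defined in the base sync.yaml, which is not visible here, so the base and both patches would need to move together to `apiVersion: batch/v1`.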
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
# Set the reconcile period
2+
---
3+
apiVersion: batch/v1beta1
4+
kind: CronJob
5+
metadata:
6+
name: credentials-sync
7+
namespace: flux-system
8+
spec:
9+
schedule: 0 */6 * * * # every 6hrs -- ECR tokens expire every 12 hours; refresh faster than that
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
apiVersion: v1
2+
kind: Secret
3+
metadata:
4+
name: credentials-sync
5+
data:
6+
AWS_ACCESS_KEY_ID: Zm9vCg==
7+
AWS_SECRET_ACCESS_KEY: YmFyCg==
8+
type: Opaque
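Review bot: Both sample values on new lines 6-7 decode to the placeholder plus a trailing newline (`Zm9vCg==` is `foo` followed by `\n`), and a reader who encodes real keys the same way ends up with credentials that fail authentication. The file also has no header saying that `data:` is only base64-encoded, not encrypted, so committing it with real keys exposes them in Git. I would add two comment lines at the top: `# Placeholder values only: encrypt with SOPS or SealedSecrets before committing real keys` and `# Encode without a trailing newline, e.g. printf '%s' "$VALUE" | base64`. The file name is not shown on the page; it is presumably the encrypted-secret.yaml referenced by the aws kustomization.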

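--- a/manifests/integrations/registry-credentials-sync/_cronjobs/aws/kustomization.yaml
+++ b/manifests/integrations/registry-credentials-sync/_cronjobs/aws/kustomization.yaml
@@ -7,19 +7,26 @@ commonLabels:
 
 namespace: flux-system
 
-bases:
+resources:
 - ../_base
-## If not using IRSA, consider creating the following file via SOPS or SealedSecrets
+# # If not using IRSA, consider creating the following file via SOPS or SealedSecrets
 # - encrypted-secret.yaml
 
-patchesStrategicMerge:
-- config-patches.yaml
-- reconcile-patch.yaml
+patches:
+- path: config-map-patch.yaml
+- path: reconcile-patch.yaml
+- path: ecr-token-refresh-patch.yaml
+# Comment out bind-irsa-patch.yaml if not using IRSA
+- path: bind-irsa-patch.yaml
+# # Uncomment if not using IRSA, please also check credentials-injection-patch.yaml
+# - path: credentials-injection-patch.yaml
 
-## uncomment if using encrypted-secret.yaml
+# # Uncomment if using encrypted-secret.yaml
 # vars:
 # - name: ECR_SECRET_NAME
 # objref:
 # kind: Secret
 # name: credentials-sync
 # apiVersion: v1
+# configurations:
+# - kustomizeconfig.yaml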
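Review bot: The commented `vars:` block at the end of this hunk, like the live `vars:` entries in both _base kustomizations, still relies on a field kustomize has deprecated in favour of `replacements`, so the deprecation warning this commit is meant to remove will remain. Both `$(KUBE_SECRET)` in the Role's `resourceNames` and `$(ECR_SECRET_NAME)` in the credentials-injection patch depend on that substitution, so a later removal of `vars` would silently leave literal `$(...)` strings in RBAC and in the secretRef. If the migration is out of scope here, I would at least record it above the block: `# TODO: migrate vars to replacements (vars is deprecated in kustomize v5)`.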
