Merge pull request #6 from fabiante/feat/prebuild-installer

fabiante · web-flow · commit 0342f5179a8c · 2024-11-30T17:45:28.000+01:00
Add Quick Start instructions to run latest podbouncer build
diff --git a/README.md b/README.md
@@ -27,7 +27,19 @@ data:
   maxPodAge: "1h"
 ```
 
-## Getting Started
+## Quick Start
+
+If you simply want to run podbouncer on your cluster, you can use the command below:
+
+**Warning:** With this command you will run a potentially destructive controller in your cluster.
+
+_Note:_ This installs podbouncer in the `podbouncer-system` namespace.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/fabiante/podbouncer/refs/heads/main/dist/install.yaml
+```
+
+## Getting Started (Local Build + Deploy)
 
 ### Prerequisites
 - go version v1.22.0+
diff --git a/dist/install.yaml b/dist/install.yaml
@@ -0,0 +1,261 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+    control-plane: controller-manager
+  name: podbouncer-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+  name: podbouncer-controller-manager
+  namespace: podbouncer-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+  name: podbouncer-leader-election-role
+  namespace: podbouncer-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: podbouncer-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: podbouncer-metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: podbouncer-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+  name: podbouncer-leader-election-rolebinding
+  namespace: podbouncer-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: podbouncer-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: podbouncer-controller-manager
+  namespace: podbouncer-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+  name: podbouncer-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: podbouncer-manager-role
+subjects:
+- kind: ServiceAccount
+  name: podbouncer-controller-manager
+  namespace: podbouncer-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: podbouncer-metrics-auth-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: podbouncer-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: podbouncer-controller-manager
+  namespace: podbouncer-system
+---
+apiVersion: v1
+data:
+  maxPodAge: 1h
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+    control-plane: controller-manager
+  name: podbouncer-config
+  namespace: podbouncer-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+    control-plane: controller-manager
+  name: podbouncer-controller-manager-metrics-service
+  namespace: podbouncer-system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: podbouncer
+    control-plane: controller-manager
+  name: podbouncer-controller-manager
+  namespace: podbouncer-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --metrics-bind-address=:8443
+        - --leader-elect
+        - --health-probe-bind-address=:8081
+        command:
+        - /manager
+        image: fabiante/podbouncer:latest
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: podbouncer-controller-manager
+      terminationGracePeriodSeconds: 10
