ConfigMap für keel.sh für die custom Root CA erzeugen
apiVersion: v1
kind: ConfigMap
metadata:
name: ca-gallauner
namespace: "keel"
data:
ca-gallauner.pem: |
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
keel.sh via YAML installieren
- Basic Auth für Dashboard (PortForward 9300 von Pod)
- ConfigMap für CA mounten
containers:
- name: keel
image: "keelhq/keel:latest"
imagePullPolicy: Always
command: ["/bin/keel"]
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Basic auth (to enable UI/API)
- name: BASIC_AUTH_USER
value: "admin"
- name: BASIC_AUTH_PASSWORD
value: "admin"
# Enable insecure registries
- name: INSECURE_REGISTRY
value: "false"
ports:
- containerPort: 9300
livenessProbe:
httpGet:
path: /healthz
port: 9300
initialDelaySeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
volumeMounts:
- name: ca-gallauner
mountPath: /etc/ssl/certs/ca-gallauner.pem
subPath: ca-gallauner.pem
readOnly: false
volumes:
- name: ca-gallauner
configMap:
name: ca-gallauner
keel.sh Annotations im Zieldeployment einfügen
metadata:
labels:
app: homer
annotations:
keel.sh/policy: all
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 1m"
keel.sh/approvals: "0"