Provide option for kubernetes to watch only a specific namespace (#433)

Geoff Bourne
2025-07-20 12:59:14 -05:00
committed by GitHub
parent 9a457138ab
commit 7a4f83a30f
19 changed files with 663 additions and 142 deletions
+64
@@ -0,0 +1,64 @@
https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/
## Example
To use your own dev image, such as via [Github Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry), create `kustomization.yml` and alter the overlay to choose `role` or `cluster-role`. This example assumes that a docker image pull secret has been created and named `ghrc-pull`, [see below](#creating-image-pull-secret).
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/itzg/mc-router/kustomize/overlays/role
# OR
# - https://github.com/itzg/mc-router/kustomize/overlays/cluster-role
images:
- name: itzg/mc-router
# replace your-user-org with your Github user/org and/or replace ghcr.io with your Docker registry
newName: ghcr.io/your-user-org/mc-router-dev
patches:
- target:
name: mc-router
kind: Deployment
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: _
spec:
template:
spec:
imagePullSecrets:
- name: ghcr-pull
containers:
- name: mc-router
imagePullPolicy: Always
```
### Creating image pull secret
The following is an example of [creating an image pull secret](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_docker-registry/) named `ghrc-pull`. Be sure to replace `your-user-org` and the password will be a [personal access token](https://github.com/settings/tokens) with `read:packages` scope.
```shell
kubectl create secret docker-registry ghcr-pull --docker-server=ghcr.io --docker-username=your-user-org --docker-password=ghp_...
```
### Build and push your image
Be sure to replace `your-user-org`:
```shell
docker build -t ghcr.io/your-user-org/mc-router-dev
docker push ghcr.io/your-user-org/mc-router-dev
```
### Apply the kustomization
```shell
kubectl apply -k .
```
or if you want to preview what will be generated and applied:
```shell
kubectl kustomize
```
+6
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- service-account.yml
- mc-router-deployment.yml
- server-examples.yaml
+56
@@ -0,0 +1,56 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: mc-router
name: mc-router
spec:
selector:
matchLabels:
app: mc-router
strategy:
type: Recreate
template:
metadata:
labels:
app: mc-router
spec:
serviceAccountName: mc-router
containers:
- image: itzg/mc-router
name: mc-router
# Add "--auto-scale-up" here for https://github.com/itzg/mc-router/#auto-scale-up
args:
- --api-binding
- :8080
- --in-kube-cluster
env:
- name: KUBE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: proxy
containerPort: 25565
- name: web
containerPort: 8080
resources:
requests:
memory: 50Mi
cpu: "100m"
limits:
memory: 100Mi
cpu: "250m"
---
apiVersion: v1
kind: Service
metadata:
name: mc-router
spec:
selector:
app: mc-router
ports:
- protocol: TCP
port: 25565
targetPort: proxy
type: NodePort
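Review bot: The `mc-router` container is declared without a `securityContext`, so it runs with whatever user, capabilities and writable root filesystem the image defaults to, while it holds a service-account token and is reachable through the NodePort Service below it. A restrictive container-level context would limit what a compromised router process can do; the values below are a starting point and need checking against the image, in particular whether it already runs as a non-root user. Separately, `image: itzg/mc-router` carries no tag or digest, so the deployed version is whatever the registry serves at pull time.

```yaml
      - image: itzg/mc-router
        name: mc-router
        # … unchanged: args, env, ports, resources …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
```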
+84
@@ -0,0 +1,84 @@
---
apiVersion: v1
kind: Service
metadata:
name: mc-latest
annotations:
"mc-router.itzg.me/defaultServer": "true"
spec:
type: NodePort
ports:
- port: 25565
name: minecraft
selector:
app: mc-latest
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: mc-latest
name: mc-latest
spec:
selector:
matchLabels:
app: mc-latest
template:
metadata:
labels:
app: mc-latest
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- image: itzg/minecraft-server
name: mc-latest
env:
- name: EULA
value: "TRUE"
ports:
- containerPort: 25565
---
apiVersion: v1
kind: Service
metadata:
name: mc-snapshot
annotations:
"mc-router.itzg.me/externalServerName": "snapshot.your.domain"
spec:
type: NodePort
ports:
- port: 25565
name: minecraft
selector:
app: mc-snapshot
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: mc-snapshot
name: mc-snapshot
spec:
selector:
matchLabels:
app: mc-snapshot
template:
metadata:
labels:
app: mc-snapshot
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- image: itzg/minecraft-server
name: mc-snapshot
env:
- name: EULA
value: "TRUE"
- name: VERSION
value: "SNAPSHOT"
ports:
- containerPort: 25565
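Review bot: Both example backend Services (`mc-latest` and `mc-snapshot`) are `type: NodePort`, which opens each Minecraft server on a node port in addition to the router's own NodePort, so clients can reach the backends without passing through mc-router. If the router connects to these Services from inside the cluster, as the `mc-router.itzg.me/...` annotations suggest, `type: ClusterIP` on both would keep mc-router as the single external entry point. The `itzg/minecraft-server` images are also untagged; a comment saying the examples should be pinned for real deployments would help.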
+4
@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: mc-router
@@ -0,0 +1,28 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: services-watcher
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["watch","list"]
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["watch","list","get","update"]
- apiGroups: ["apps"]
resources: ["statefulsets/scale"]
verbs: ["get","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: mc-router-services-watcher
subjects:
- kind: ServiceAccount
name: mc-router
namespace: default
roleRef:
kind: ClusterRole
name: services-watcher
apiGroup: rbac.authorization.k8s.io
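Review bot: The rule on `statefulsets` grants `update` on the full object in every namespace, which permits rewriting any StatefulSet's pod template and not just its replica count, while the separate `statefulsets/scale` rule already covers `get` and `update` for scaling. If the router only scales through the scale subresource (the Go code is not visible here, so this needs confirming), the second rule can be reduced to `verbs: ["watch","list","get"]`. The same rule appears in the namespaced `Role` of the role overlay and should be changed together with this one.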
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
- cluster-role.yml
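Review bot: This overlay pulls in `../../base` without any patch, so the Deployment keeps the `KUBE_NAMESPACE` variable populated from `metadata.namespace`. If that variable is what limits the router to a single namespace, as the commit title suggests, the cluster-wide `ClusterRole` bound here grants rights the router never exercises. Either remove the variable in this overlay with a patch or add a comment at the top of the file stating which scope the overlay is meant to have, so the broader grant is a documented choice rather than a leftover.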
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
- role.yml
+28
@@ -0,0 +1,28 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: services-watcher
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["watch","list"]
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["watch","list","get","update"]
- apiGroups: ["apps"]
resources: ["statefulsets/scale"]
verbs: ["get","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: mc-router-services-watcher
subjects:
- kind: ServiceAccount
name: mc-router
namespace: default
roleRef:
kind: Role
name: services-watcher
apiGroup: rbac.authorization.k8s.io
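Review bot: The `RoleBinding` subject pins `namespace: default`, while the `Role`, the binding and the `mc-router` ServiceAccount carry no namespace and land wherever the overlay is applied. Applied to any other namespace, the binding would grant these rights to an `mc-router` account in `default` rather than to the one the Deployment runs as. A comment on that line, for example `# must be the namespace this overlay is deployed into`, would flag it; whether kustomize's `namespace:` setting rewrites this subject should be checked rather than assumed. The `ClusterRoleBinding` in the cluster-role overlay has the same hard-coded subject.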