wip: Add alb-controller-manager deploy files

Author: jamand

deploy/application-load-balancer-controller-manager/deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: kube-system
+  name: stackit-application-load-balancer-contoller-manager
+  labels:
+    app: stackit-application-load-balancer-contoller-manager
+spec:
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: stackit-application-load-balancer-contoller-manager
+  template:
+    metadata:
+      labels:
+        app: stackit-application-load-balancer-contoller-manager
+    spec:
+      serviceAccountName: stackit-application-load-balancer-contoller-manager
+      terminationGracePeriodSeconds: 30
+      containers:
+      - name: stackit-application-load-balancer-contoller-manager
+        # TODO(jamand): Adapt image tag
+        image: ghcr.io/stackitcloud/cloud-provider-stackit/stackit-application-load-balancer-contoller-manager:XXX
+        args:
+        - "--authorization-always-allow-paths=/metrics"
+        - "--leader-elect=true"
+        - "--leader-elect-resource-name=stackit-application-load-balancer-contoller-manager"
+        - "--enable-http2"
+        - "--metrics-bind-address=8080"
+        - "--secureMetrics=false"
+        # TODO(jamand): Check webhook cert + enableHTTP2 flag
+        env:
+        - name: STACKIT_SERVICE_ACCOUNT_KEY_PATH
+          value: /etc/serviceaccount/sa_key.json
+        ports:
+        - containerPort: 8080
+          hostPort: 8080
+          name: metrics
+          protocol: TCP
+        - containerPort: 8081
+          hostPort: 8081
+          name: probe
+          protocol: TCP
+        resources:
+          limits:
+            cpu: "0.5"
+            memory: 500Mi
+          requests:
+            cpu: "0.1"
+            memory: 100Mi
+        volumeMounts:
+        - mountPath: /etc/serviceaccount
+          name: cloud-secret
+      volumes:
+      - name: cloud-secret
+        secret:
+          secretName: stackit-cloud-secret

deploy/application-load-balancer-controller-manager/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- deployment.yaml
+- rbac.yaml
+

deploy/application-load-balancer-controller-manager/rbac.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: kube-system
+  name: stackit-application-load-balancer-contoller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: stackit-application-load-balancer-contoller-manager
+rules:
+  # TODO(jamand): Go through rules again
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
+- apiGroups:
+  - "networking.k8s.io"
+  resources:
+  - ingress
+  verbs:
+  - get
+- apiGroups:
+  - "networking.k8s.io"
+  resources:
+  - ingress/status
+  verbs:
+  - patch
+- apiGroups:
+  - "networking.k8s.io"
+  resources:
+  - ingressclass
+  verbs:
+  - list
+  - patch
+  - update
+  - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: stackit-application-load-balancer-contoller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: stackit-application-load-balancer-contoller-manager
+subjects:
+- kind: ServiceAccount
+  name: stackit-application-load-balancer-contoller-manager
+  namespace: kube-system

deploy/application-load-balancer-controller-manager/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: stackit-application-load-balancer-contoller-manager
+  namespace: kube-system
+  name: stackit-application-load-balancer-contoller-manager
+spec:
+  selector:
+    app: stackit-application-load-balancer-contoller-manager
+  ports:
+  - name: probe
+    port: 8081
+    targetPort: probe
+    protocol: TCP
+  - name: metrics
+    port: 8080
+    targetPort: metrics
+    protocol: TCP
+  type: ClusterIP