mirror of
https://github.com/bloomberg/goldpinger.git
synced 2026-04-22 09:56:38 +00:00
1f3ad0acc9
This commit updates the README and examples to use rbac.authorization.k8s.io/v1 instead, which has been available since K8s 1.8 rbac.authorization.k8s.io/v1beta1 was deprecated in K8s 1.17 and removed in K8s 1.22. Reference: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#rbac-resources-v122 Signed-off-by: Will Daly <widaly@microsoft.com>
118 lines
2.5 KiB
YAML
118 lines
2.5 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: goldpinger-serviceaccount
|
|
namespace: default
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: goldpinger
|
|
namespace: default
|
|
labels:
|
|
app: goldpinger
|
|
spec:
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
selector:
|
|
matchLabels:
|
|
app: goldpinger
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: goldpinger
|
|
spec:
|
|
serviceAccount: "goldpinger-serviceaccount"
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
fsGroup: 2000
|
|
containers:
|
|
- name: goldpinger
|
|
env:
|
|
- name: HOST
|
|
value: "0.0.0.0"
|
|
- name: PORT
|
|
value: "8080"
|
|
# injecting real hostname will make for easier to understand graphs/metrics
|
|
- name: HOSTNAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
# podIP is used to select a randomized subset of nodes to ping.
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
image: "docker.io/bloomberg/goldpinger:v3.0.0"
|
|
imagePullPolicy: Always
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
resources:
|
|
limits:
|
|
memory: 80Mi
|
|
requests:
|
|
cpu: 1m
|
|
memory: 40Mi
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8080
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 5
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8080
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 5
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: goldpinger
|
|
namespace: default
|
|
labels:
|
|
app: goldpinger
|
|
spec:
|
|
type: NodePort
|
|
ports:
|
|
- port: 8080
|
|
nodePort: 30080
|
|
name: http
|
|
selector:
|
|
app: goldpinger
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: goldpinger-clusterrole
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- list
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: goldpinger-clusterrolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: goldpinger-clusterrole
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: goldpinger-serviceaccount
|
|
namespace: default
|
|
|