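# Namespaced Role for k8s-checker: list-only access to pods in "default".
# No write verbs and no other resources are granted. Note that "list" on
# pods still returns full pod specs, including literal env values, so the
# bound token is not harmless if it leaks.
# rbac.authorization.k8s.io/v1beta1 is deprecated and no longer served by
# current API servers; v1 uses the same schema for Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: k8s-checker
rules:
  - apiGroups:
      - ""  # the core API group, where pods live
    resources:
      - pods
    verbs:
      - list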
---
# Identity the k8s-checker pod runs as. Within this file its permissions
# come from the RoleBinding of the same name in the "default" namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: k8s-checker
---
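# Binds the k8s-checker Role to the k8s-checker ServiceAccount, both in
# "default". A RoleBinding grants nothing outside its own namespace.
# rbac.authorization.k8s.io/v1beta1 is deprecated and no longer served by
# current API servers; v1 uses the same schema for RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: k8s-checker
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: k8s-checker
subjects:
  - kind: ServiceAccount
    name: k8s-checker
    namespace: default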
---
# Exposes the metrics port (20000) of pods labelled app=k8s-checker.
# No namespace is set, so the object lands in whatever namespace the
# applying context uses.
# NOTE(review): type NodePort also allocates a port on every node that
# forwards to this service. If the endpoint is only scraped from inside the
# cluster, ClusterIP would keep it off the node network. Confirm what
# consumes it before changing.
apiVersion: v1
kind: Service
metadata:
  name: k8s-checker
  labels:
    app: k8s-checker
spec:
  type: NodePort
  selector:
    app: k8s-checker
  ports:
    - name: metrics
      port: 20000
---
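# Runs a single k8s-checker replica as the k8s-checker service account.
# apps/v1beta1 is no longer served by current API servers; apps/v1 requires
# spec.selector, added below with the template's own label.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-checker
  # Pinned to match the ServiceAccount, Role and RoleBinding, which are all
  # created in "default"; in any other namespace serviceAccountName below
  # would not resolve.
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-checker
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: k8s-checker
      annotations:
        prometheus.io.scrape: "true"
        prometheus.io.port: "20000"
    spec:
      serviceAccountName: k8s-checker
      # Left enabled: the Role in this file grants this account "list" on
      # pods, presumably used through the in-cluster API. Confirm before
      # disabling.
      automountServiceAccountToken: true
      securityContext:
        runAsUser: 2000  # aka skia
        fsGroup: 2000  # aka skia
        # Makes the kubelet refuse to start the container as UID 0 if
        # runAsUser is ever dropped or overridden.
        runAsNonRoot: true
      containers:
        - name: k8s-checker
          # NOTE(review): a tag can be re-pushed; pinning by digest
          # (k8s_checker@sha256:<digest>) would tie the running image to the
          # one that was reviewed.
          image: gcr.io/skia-public/k8s_checker:2019-10-07T20_31_04Z-rmistry-447a6b3-clean
          # NOTE(review): no container securityContext is set;
          # allowPrivilegeEscalation: false and dropping all capabilities
          # are the usual additions. Confirm the image needs neither.
          args:
            - "--logtostderr"
            - "--workdir=/mnt/k8s-checker"
            - "--k8s_yaml_repo=https://skia.googlesource.com/skia-public-config"
            - "--prom_port=:20000"
          ports:
            - containerPort: 20000
          volumeMounts:
            # Secret mounts are marked read-only explicitly; the container
            # only needs to read them.
            - name: skia-k8s-checker-sa
              mountPath: /var/secrets/google
              readOnly: true
            - name: k8s-checker-storage
              mountPath: /mnt/k8s-checker
            - name: skia-org-legacy-login-secrets
              mountPath: /etc/skia.org/
              readOnly: true
          env:
            # Points Google client libraries at the key file from the
            # skia-k8s-checker Secret.
            # NOTE(review): this is a stored, long-lived key; anyone who can
            # read the Secret or exec into the pod can copy it. If the
            # cluster supports workload identity, that removes the stored key.
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
          resources:
            # NOTE(review): requests only, no limits; a limit sized from
            # observed usage would bound a runaway process.
            requests:
              memory: "10Mi"
              cpu: "10m"
      volumes:
        - name: skia-k8s-checker-sa
          secret:
            secretName: skia-k8s-checker
        # Scratch space for --workdir; contents are discarded when the pod
        # is removed.
        - name: k8s-checker-storage
          emptyDir: {}
        - name: skia-org-legacy-login-secrets
          secret:
            secretName: skia-org-legacy-login-secrets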