waylon 0.2.0 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +64 -27
- data/README.md +110 -7
- data/examples/deploying/helm/waylon/.helmignore +16 -0
- data/examples/deploying/helm/waylon/Chart.yaml +5 -0
- data/examples/deploying/helm/waylon/README.md +71 -0
- data/examples/deploying/helm/waylon/templates/_helpers.tpl +7 -0
- data/examples/deploying/helm/waylon/templates/redis-pv.yaml +19 -0
- data/examples/deploying/helm/waylon/templates/redis-pvc.yaml +18 -0
- data/examples/deploying/helm/waylon/templates/redis-statefulset.yaml +107 -0
- data/examples/deploying/helm/waylon/templates/web-deployment.yaml +99 -0
- data/examples/deploying/helm/waylon/templates/web-ingress.yaml +48 -0
- data/examples/deploying/helm/waylon/templates/web-service.yaml +26 -0
- data/examples/deploying/helm/waylon/templates/worker-deployment.yaml +101 -0
- data/examples/deploying/helm/waylon/values.yaml +50 -0
- data/examples/deploying/k8s/README.md +11 -0
- data/examples/deploying/k8s/redis-statefulset.yaml +86 -0
- data/examples/deploying/k8s/web-deployment.yaml +85 -0
- data/examples/deploying/k8s/web-ingress.yaml +32 -0
- data/examples/deploying/k8s/web-service.yaml +18 -0
- data/examples/deploying/k8s/worker-deployment.yaml +87 -0
- data/exe/waylon +283 -0
- data/scripts/test.sh +2 -0
- data/waylon.gemspec +2 -1
- metadata +34 -2
@@ -0,0 +1,48 @@
|
|
1
|
+
{{- if .Values.web.ingress.enabled -}}
|
2
|
+
apiVersion: networking.k8s.io/v1
|
3
|
+
kind: Ingress
|
4
|
+
metadata:
|
5
|
+
name: web
|
6
|
+
labels:
|
7
|
+
app.kubernetes.io/name: web
|
8
|
+
app.kubernetes.io/component: ingress
|
9
|
+
{{- include "waylon.commonLabels" . | nindent 4 }}
|
10
|
+
{{- with .Values.web.ingress.labels }}
|
11
|
+
{{- toYaml . | nindent 4 }}
|
12
|
+
{{- end }}
|
13
|
+
annotations:
|
14
|
+
kubernetes.io/ingress.class: {{ .Values.web.ingress.class }}
|
15
|
+
nginx.ingress.kubernetes.io/preserve-host: "true"
|
16
|
+
{{- if .Values.web.ingress.tls.enabled }}
|
17
|
+
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
18
|
+
{{- if eq .Values.web.ingress.tls.issuer "letsencrypt" }}
|
19
|
+
{{- if eq .Values.web.ingress.tls.issuerClass "ClusterIssuer" }}
|
20
|
+
cert-manager.io/cluster-issuer: letsencrypt
|
21
|
+
{{- else }}
|
22
|
+
cert-manager.io/issuer: letsencrypt
|
23
|
+
{{- end }}
|
24
|
+
cert-manager.io/acme-challenge-type: http01
|
25
|
+
{{- end }}
|
26
|
+
{{- end }}
|
27
|
+
{{- with .Values.web.ingress.annotations }}
|
28
|
+
{{- toYaml . | nindent 4 }}
|
29
|
+
{{- end }}
|
30
|
+
spec:
|
31
|
+
rules:
|
32
|
+
- host: {{ .Values.web.ingress.hostname }}
|
33
|
+
http:
|
34
|
+
paths:
|
35
|
+
- pathType: Prefix
|
36
|
+
path: /
|
37
|
+
backend:
|
38
|
+
service:
|
39
|
+
name: waylon
|
40
|
+
port:
|
41
|
+
name: waylon
|
42
|
+
{{- if .Values.web.ingress.tls.enabled }}
|
43
|
+
tls:
|
44
|
+
- hosts:
|
45
|
+
- {{ .Values.web.ingress.hostname }}
|
46
|
+
secretName: web-ingress-tls
|
47
|
+
{{- end }}
|
48
|
+
{{- end -}}
|
@@ -0,0 +1,26 @@
|
|
1
|
+
apiVersion: v1
|
2
|
+
kind: Service
|
3
|
+
metadata:
|
4
|
+
name: web
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: web
|
7
|
+
app.kubernetes.io/component: service
|
8
|
+
{{- include "waylon.commonLabels" . | nindent 4 }}
|
9
|
+
{{- with .Values.web.service.labels }}
|
10
|
+
{{- toYaml . | nindent 4 }}
|
11
|
+
{{- end }}
|
12
|
+
{{- if .Values.web.service.annotations }}
|
13
|
+
annotations:
|
14
|
+
{{- toYaml .Values.web.service.annotations | nindent 4 }}
|
15
|
+
{{- end }}
|
16
|
+
spec:
|
17
|
+
type: {{ .Values.web.service.type }}
|
18
|
+
ports:
|
19
|
+
- port: {{ .Values.web.service.port }}
|
20
|
+
targetPort: 9292
|
21
|
+
protocol: TCP
|
22
|
+
name: waylon
|
23
|
+
selector:
|
24
|
+
app.kubernetes.io/component: web
|
25
|
+
{{- include "waylon.commonLabels" . | nindent 4 }}
|
26
|
+
|
@@ -0,0 +1,101 @@
|
|
1
|
+
apiVersion: apps/v1
|
2
|
+
kind: Deployment
|
3
|
+
metadata:
|
4
|
+
name: worker
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: worker
|
7
|
+
app.kubernetes.io/component: worker
|
8
|
+
{{- include "waylon.commonLabels" . | nindent 4 }}
|
9
|
+
{{- with .Values.worker.deployment.labels }}
|
10
|
+
{{- toYaml . | nindent 4 }}
|
11
|
+
{{- end }}
|
12
|
+
{{- if .Values.worker.deployment.annotations }}
|
13
|
+
annotations:
|
14
|
+
{{- toYaml .Values.worker.deployment.annotations | nindent 4 }}
|
15
|
+
{{- end }}
|
16
|
+
spec:
|
17
|
+
replicas: {{ .Values.worker.deployment.replicas }}
|
18
|
+
strategy:
|
19
|
+
type: RollingUpdate
|
20
|
+
rollingUpdate:
|
21
|
+
maxSurge: {{ .Values.worker.deployment.maxSurge }}
|
22
|
+
maxUnavailable: {{ .Values.worker.deployment.maxUnavailable }}
|
23
|
+
selector:
|
24
|
+
matchLabels:
|
25
|
+
app.kubernetes.io/component: worker
|
26
|
+
{{- include "waylon.commonLabels" . | nindent 6 }}
|
27
|
+
template:
|
28
|
+
metadata:
|
29
|
+
labels:
|
30
|
+
app.kubernetes.io/name: worker
|
31
|
+
app.kubernetes.io/component: worker
|
32
|
+
{{- include "waylon.commonLabels" . | nindent 8 }}
|
33
|
+
spec:
|
34
|
+
{{- if .Values.common.strictSecurity }}
|
35
|
+
securityContext:
|
36
|
+
runAsUser: 1000
|
37
|
+
runAsGroup: 1000
|
38
|
+
{{- end }}
|
39
|
+
{{- if .Values.common.imagePullSecret }}
|
40
|
+
imagePullSecrets:
|
41
|
+
- name: {{ .Values.common.imagePullSecret }}
|
42
|
+
{{- end }}
|
43
|
+
volumes:
|
44
|
+
- name: tmpvol
|
45
|
+
emptyDir: {}
|
46
|
+
containers:
|
47
|
+
- name: worker
|
48
|
+
image: {{ .Values.common.waylonImage }}
|
49
|
+
imagePullPolicy: {{ .Values.worker.deployment.imagePullPolicy }}
|
50
|
+
stdin: true
|
51
|
+
tty: true
|
52
|
+
args: ["worker"]
|
53
|
+
env:
|
54
|
+
- name: REDIS
|
55
|
+
value: {{ .Values.redis.hostAndPort }}
|
56
|
+
- name: LOG_LEVEL
|
57
|
+
value: {{ .Values.worker.deployment.logLevel }}
|
58
|
+
- name: QUEUE
|
59
|
+
value: "senses,skills"
|
60
|
+
envFrom:
|
61
|
+
- secretRef:
|
62
|
+
name: waylon-secret
|
63
|
+
resources:
|
64
|
+
limits:
|
65
|
+
memory: {{ .Values.worker.deployment.memoryLimit }}
|
66
|
+
cpu: {{ .Values.worker.deployment.cpuLimit }}
|
67
|
+
requests:
|
68
|
+
memory: 64Mi
|
69
|
+
cpu: 20m
|
70
|
+
livenessProbe:
|
71
|
+
tcpSocket:
|
72
|
+
port: waylon
|
73
|
+
timeoutSeconds: 2
|
74
|
+
initialDelaySeconds: 2
|
75
|
+
periodSeconds: 2
|
76
|
+
failureThreshold: 3
|
77
|
+
readinessProbe:
|
78
|
+
httpGet:
|
79
|
+
path: /ping
|
80
|
+
port: waylon
|
81
|
+
timeoutSeconds: 6
|
82
|
+
initialDelaySeconds: 2
|
83
|
+
periodSeconds: 10
|
84
|
+
failureThreshold: 3
|
85
|
+
ports:
|
86
|
+
- name: waylon
|
87
|
+
containerPort: 9292
|
88
|
+
protocol: TCP
|
89
|
+
volumeMounts:
|
90
|
+
- mountPath: /tmp
|
91
|
+
name: tmpvol
|
92
|
+
{{- if .Values.common.strictSecurity }}
|
93
|
+
securityContext:
|
94
|
+
allowPrivilegeEscalation: false
|
95
|
+
privileged: false
|
96
|
+
runAsNonRoot: true
|
97
|
+
readOnlyRootFilesystem: true
|
98
|
+
capabilities:
|
99
|
+
drop:
|
100
|
+
- all
|
101
|
+
{{- end }}
|
@@ -0,0 +1,50 @@
|
|
1
|
+
common:
|
2
|
+
strictSecurity: true
|
3
|
+
waylonImage: MISSING
|
4
|
+
|
5
|
+
redis:
|
6
|
+
enabled: true
|
7
|
+
hostAndPort: redis:6379
|
8
|
+
image: redis:6-alpine
|
9
|
+
imagePullPolicy: Always
|
10
|
+
command:
|
11
|
+
- "redis-server"
|
12
|
+
- "--appendonly yes"
|
13
|
+
cpuLimit: 200m
|
14
|
+
memoryLimit: 512Mi
|
15
|
+
storage:
|
16
|
+
capacity: 1Gi
|
17
|
+
class: longhorn
|
18
|
+
|
19
|
+
web:
|
20
|
+
deployment:
|
21
|
+
imagePullPolicy: IfNotPresent
|
22
|
+
logLevel: DEBUG
|
23
|
+
# Rollout settings
|
24
|
+
maxSurge: 2
|
25
|
+
maxUnavailable: 0
|
26
|
+
replicas: 1
|
27
|
+
cpuLimit: 250m
|
28
|
+
memoryLimit: 256Mi
|
29
|
+
ingress:
|
30
|
+
enabled: true
|
31
|
+
class: nginx
|
32
|
+
hostname: MISSING
|
33
|
+
tls:
|
34
|
+
enabled: true
|
35
|
+
issuer: letsencrypt
|
36
|
+
issuerClass: ClusterIssuer
|
37
|
+
service:
|
38
|
+
port: 80
|
39
|
+
type: ClusterIP
|
40
|
+
|
41
|
+
worker:
|
42
|
+
deployment:
|
43
|
+
imagePullPolicy: IfNotPresent
|
44
|
+
logLevel: DEBUG
|
45
|
+
# Rollout settings
|
46
|
+
maxSurge: 2
|
47
|
+
maxUnavailable: 0
|
48
|
+
replicas: 2
|
49
|
+
cpuLimit: 500m
|
50
|
+
memoryLimit: 768Mi
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Deploying Waylon to Kubernetes
|
2
|
+
|
3
|
+
This is an example of deploying a Waylon image to Kubernetes. To use it, you must identify a hostname for Waylon to be externally accessible (for plugins that require that) in `web-ingress.yaml`. You must also set the image used for the containers in `web-deployment.yaml` and `worker-deployment.yaml` to your pre-built Waylon docker image.
|
4
|
+
|
5
|
+
Once these modifications are made, you can launch Waylon on your Kubernetes cluster using something like:
|
6
|
+
|
7
|
+
```sh
|
8
|
+
$ kubectl -n some-namespace apply -f *.yaml
|
9
|
+
```
|
10
|
+
|
11
|
+
The files in this example make some hefty assumptions, such as that your cluster has a `StorageClass` called `longhorn` and that you won't need credentials to pull images from your registry. Please be sure to review the files fully and make any necessary changes before using them.
|
@@ -0,0 +1,86 @@
|
|
1
|
+
apiVersion: apps/v1
|
2
|
+
kind: StatefulSet
|
3
|
+
metadata:
|
4
|
+
name: redis
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: redis
|
7
|
+
app.kubernetes.io/component: redis
|
8
|
+
app.kubernetes.io/part-of: waylon
|
9
|
+
spec:
|
10
|
+
serviceName: redis
|
11
|
+
# set to 1 because we're not configuring clustering
|
12
|
+
replicas: 1
|
13
|
+
selector:
|
14
|
+
matchLabels:
|
15
|
+
app.kubernetes.io/name: redis
|
16
|
+
app.kubernetes.io/component: redis
|
17
|
+
app.kubernetes.io/part-of: waylon
|
18
|
+
template:
|
19
|
+
metadata:
|
20
|
+
labels:
|
21
|
+
app.kubernetes.io/name: redis
|
22
|
+
app.kubernetes.io/component: redis
|
23
|
+
app.kubernetes.io/part-of: waylon
|
24
|
+
spec:
|
25
|
+
containers:
|
26
|
+
- name: redis
|
27
|
+
image: redis:6-alpine
|
28
|
+
imagePullPolicy: Always
|
29
|
+
stdin: true
|
30
|
+
tty: true
|
31
|
+
command:
|
32
|
+
- redis-server
|
33
|
+
- --appendonly yes
|
34
|
+
securityContext:
|
35
|
+
readOnlyRootFilesystem: true
|
36
|
+
allowPrivilegeEscalation: false
|
37
|
+
privileged: false
|
38
|
+
runAsNonRoot: true
|
39
|
+
runAsUser: 999
|
40
|
+
runAsGroup: 999
|
41
|
+
capabilities:
|
42
|
+
drop:
|
43
|
+
- ALL
|
44
|
+
resources:
|
45
|
+
limits:
|
46
|
+
memory: 512Mi
|
47
|
+
cpu: 200m
|
48
|
+
requests:
|
49
|
+
memory: 8Mi
|
50
|
+
cpu: 20m
|
51
|
+
ports:
|
52
|
+
- containerPort: 6379
|
53
|
+
protocol: TCP
|
54
|
+
name: redis
|
55
|
+
readinessProbe:
|
56
|
+
exec:
|
57
|
+
command:
|
58
|
+
- sh
|
59
|
+
- -c
|
60
|
+
- "/usr/local/bin/redis-cli -h $(hostname) ping"
|
61
|
+
initialDelaySeconds: 15
|
62
|
+
timeoutSeconds: 5
|
63
|
+
livenessProbe:
|
64
|
+
exec:
|
65
|
+
command:
|
66
|
+
- sh
|
67
|
+
- -c
|
68
|
+
- "/usr/local/bin/redis-cli -h $(hostname) ping"
|
69
|
+
initialDelaySeconds: 30
|
70
|
+
periodSeconds: 2
|
71
|
+
successThreshold: 1
|
72
|
+
failureThreshold: 3
|
73
|
+
timeoutSeconds: 5
|
74
|
+
volumeMounts:
|
75
|
+
- name: datadir
|
76
|
+
mountPath: /data
|
77
|
+
volumeClaimTemplates:
|
78
|
+
- metadata:
|
79
|
+
name: datadir
|
80
|
+
spec:
|
81
|
+
accessModes:
|
82
|
+
- "ReadWriteOnce"
|
83
|
+
resources:
|
84
|
+
requests:
|
85
|
+
storage: 1Gi
|
86
|
+
storageClassName: "longhorn"
|
@@ -0,0 +1,85 @@
|
|
1
|
+
apiVersion: apps/v1
|
2
|
+
kind: Deployment
|
3
|
+
metadata:
|
4
|
+
name: web
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: web
|
7
|
+
app.kubernetes.io/component: web
|
8
|
+
app.kubernetes.io/part-of: waylon
|
9
|
+
spec:
|
10
|
+
replicas: 1
|
11
|
+
strategy:
|
12
|
+
type: RollingUpdate
|
13
|
+
rollingUpdate:
|
14
|
+
maxSurge: 2
|
15
|
+
maxUnavailable: 0
|
16
|
+
selector:
|
17
|
+
matchLabels:
|
18
|
+
app.kubernetes.io/component: web
|
19
|
+
app.kubernetes.io/part-of: waylon
|
20
|
+
template:
|
21
|
+
metadata:
|
22
|
+
labels:
|
23
|
+
app.kubernetes.io/name: web
|
24
|
+
app.kubernetes.io/component: web
|
25
|
+
app.kubernetes.io/part-of: waylon
|
26
|
+
spec:
|
27
|
+
securityContext:
|
28
|
+
runAsUser: 1000
|
29
|
+
runAsGroup: 1000
|
30
|
+
volumes:
|
31
|
+
- name: tmpvol
|
32
|
+
emptyDir: {}
|
33
|
+
containers:
|
34
|
+
- name: web
|
35
|
+
# This MUST be set to a real image
|
36
|
+
image: MISSING
|
37
|
+
imagePullPolicy: IfNotPresent
|
38
|
+
stdin: true
|
39
|
+
tty: true
|
40
|
+
args: ["web"]
|
41
|
+
env:
|
42
|
+
- name: REDIS
|
43
|
+
value: redis:6379
|
44
|
+
- name: LOG_LEVEL
|
45
|
+
value: DEBUG
|
46
|
+
envFrom:
|
47
|
+
- secretRef:
|
48
|
+
name: waylon-secret
|
49
|
+
resources:
|
50
|
+
limits:
|
51
|
+
memory: 256Mi
|
52
|
+
cpu: 250m
|
53
|
+
requests:
|
54
|
+
memory: 64Mi
|
55
|
+
cpu: 10m
|
56
|
+
livenessProbe:
|
57
|
+
tcpSocket:
|
58
|
+
port: waylon
|
59
|
+
timeoutSeconds: 2
|
60
|
+
initialDelaySeconds: 2
|
61
|
+
periodSeconds: 2
|
62
|
+
failureThreshold: 3
|
63
|
+
readinessProbe:
|
64
|
+
httpGet:
|
65
|
+
path: /ping
|
66
|
+
port: waylon
|
67
|
+
timeoutSeconds: 6
|
68
|
+
initialDelaySeconds: 2
|
69
|
+
periodSeconds: 10
|
70
|
+
failureThreshold: 3
|
71
|
+
ports:
|
72
|
+
- name: waylon
|
73
|
+
containerPort: 9292
|
74
|
+
protocol: TCP
|
75
|
+
volumeMounts:
|
76
|
+
- mountPath: /tmp
|
77
|
+
name: tmpvol
|
78
|
+
securityContext:
|
79
|
+
allowPrivilegeEscalation: false
|
80
|
+
privileged: false
|
81
|
+
runAsNonRoot: true
|
82
|
+
readOnlyRootFilesystem: true
|
83
|
+
capabilities:
|
84
|
+
drop:
|
85
|
+
- all
|
@@ -0,0 +1,32 @@
|
|
1
|
+
apiVersion: networking.k8s.io/v1
|
2
|
+
kind: Ingress
|
3
|
+
metadata:
|
4
|
+
name: web
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: web
|
7
|
+
app.kubernetes.io/component: ingress
|
8
|
+
app.kubernetes.io/part-of: waylon
|
9
|
+
annotations:
|
10
|
+
kubernetes.io/ingress.class: nginx
|
11
|
+
nginx.ingress.kubernetes.io/preserve-host: "true"
|
12
|
+
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
13
|
+
cert-manager.io/cluster-issuer: letsencrypt
|
14
|
+
cert-manager.io/acme-challenge-type: http01
|
15
|
+
spec:
|
16
|
+
rules:
|
17
|
+
# This needs to be a real name accessible from the Internet
|
18
|
+
- host: foo.bar
|
19
|
+
http:
|
20
|
+
paths:
|
21
|
+
- pathType: Prefix
|
22
|
+
path: /
|
23
|
+
backend:
|
24
|
+
service:
|
25
|
+
name: waylon
|
26
|
+
port:
|
27
|
+
name: waylon
|
28
|
+
tls:
|
29
|
+
- hosts:
|
30
|
+
# This needs to be a real name accessible from the Internet, same as above
|
31
|
+
- foo.bar
|
32
|
+
secretName: web-ingress-tls
|
@@ -0,0 +1,18 @@
|
|
1
|
+
apiVersion: v1
|
2
|
+
kind: Service
|
3
|
+
metadata:
|
4
|
+
name: web
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: web
|
7
|
+
app.kubernetes.io/component: service
|
8
|
+
app.kubernetes.io/part-of: waylon
|
9
|
+
spec:
|
10
|
+
type: ClusterIP
|
11
|
+
ports:
|
12
|
+
- port: 80
|
13
|
+
targetPort: 9292
|
14
|
+
protocol: TCP
|
15
|
+
name: waylon
|
16
|
+
selector:
|
17
|
+
app.kubernetes.io/component: web
|
18
|
+
app.kubernetes.io/part-of: waylon
|
@@ -0,0 +1,87 @@
|
|
1
|
+
apiVersion: apps/v1
|
2
|
+
kind: Deployment
|
3
|
+
metadata:
|
4
|
+
name: worker
|
5
|
+
labels:
|
6
|
+
app.kubernetes.io/name: worker
|
7
|
+
app.kubernetes.io/component: worker
|
8
|
+
app.kubernetes.io/part-of: waylon
|
9
|
+
spec:
|
10
|
+
replicas: 2
|
11
|
+
strategy:
|
12
|
+
type: RollingUpdate
|
13
|
+
rollingUpdate:
|
14
|
+
maxSurge: 2
|
15
|
+
maxUnavailable: 0
|
16
|
+
selector:
|
17
|
+
matchLabels:
|
18
|
+
app.kubernetes.io/component: worker
|
19
|
+
app.kubernetes.io/part-of: waylon
|
20
|
+
template:
|
21
|
+
metadata:
|
22
|
+
labels:
|
23
|
+
app.kubernetes.io/name: worker
|
24
|
+
app.kubernetes.io/component: worker
|
25
|
+
app.kubernetes.io/part-of: waylon
|
26
|
+
spec:
|
27
|
+
securityContext:
|
28
|
+
runAsUser: 1000
|
29
|
+
runAsGroup: 1000
|
30
|
+
volumes:
|
31
|
+
- name: tmpvol
|
32
|
+
emptyDir: {}
|
33
|
+
containers:
|
34
|
+
- name: worker
|
35
|
+
# This MUST be set to a real image
|
36
|
+
image: MISSING
|
37
|
+
imagePullPolicy: IfNotPresent
|
38
|
+
stdin: true
|
39
|
+
tty: true
|
40
|
+
args: ["worker"]
|
41
|
+
env:
|
42
|
+
- name: REDIS
|
43
|
+
value: redis:6379
|
44
|
+
- name: LOG_LEVEL
|
45
|
+
value: DEBUG
|
46
|
+
- name: QUEUE
|
47
|
+
value: "senses,skills"
|
48
|
+
envFrom:
|
49
|
+
- secretRef:
|
50
|
+
name: waylon-secret
|
51
|
+
resources:
|
52
|
+
limits:
|
53
|
+
memory: 768Mi
|
54
|
+
cpu: 500m
|
55
|
+
requests:
|
56
|
+
memory: 64Mi
|
57
|
+
cpu: 20m
|
58
|
+
livenessProbe:
|
59
|
+
tcpSocket:
|
60
|
+
port: waylon
|
61
|
+
timeoutSeconds: 2
|
62
|
+
initialDelaySeconds: 2
|
63
|
+
periodSeconds: 2
|
64
|
+
failureThreshold: 3
|
65
|
+
readinessProbe:
|
66
|
+
httpGet:
|
67
|
+
path: /ping
|
68
|
+
port: waylon
|
69
|
+
timeoutSeconds: 6
|
70
|
+
initialDelaySeconds: 2
|
71
|
+
periodSeconds: 10
|
72
|
+
failureThreshold: 3
|
73
|
+
ports:
|
74
|
+
- name: waylon
|
75
|
+
containerPort: 9292
|
76
|
+
protocol: TCP
|
77
|
+
volumeMounts:
|
78
|
+
- mountPath: /tmp
|
79
|
+
name: tmpvol
|
80
|
+
securityContext:
|
81
|
+
allowPrivilegeEscalation: false
|
82
|
+
privileged: false
|
83
|
+
runAsNonRoot: true
|
84
|
+
readOnlyRootFilesystem: true
|
85
|
+
capabilities:
|
86
|
+
drop:
|
87
|
+
- all
|