-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathexample.yml
120 lines (120 loc) · 3.86 KB
/
example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
---
# see https://kubernetes.io/docs/concepts/services-networking/ingress/
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#ingress-v1-networking-k8s-io
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example
spec:
rules:
- host: example.example.test
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example
port:
name: web
---
# see https://kubernetes.io/docs/concepts/services-networking/service/#type-clusterip
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#service-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#serviceport-v1-core
apiVersion: v1
kind: Service
metadata:
name: example
spec:
type: ClusterIP
selector:
app: example
ports:
- name: web
port: 80
protocol: TCP
targetPort: web
---
# see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#deployment-v1-apps
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podtemplatespec-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#container-v1-core
apiVersion: apps/v1
kind: Deployment
metadata:
name: example
spec:
replicas: 1
selector:
matchLabels:
app: example
template:
metadata:
labels:
app: example
spec:
enableServiceLinks: false
containers:
# see https://github.com/rgl/example-docker-buildx-go
- name: example
image: ruilopes/example-docker-buildx-go:v1.11.0
args:
- -listen=0.0.0.0:9000
env:
# configure the go runtime to honor the k8s memory and cpu resource
# limits.
# NB resourceFieldRef will cast the limits to bytes and integer
# number of cpus (rounding up to the nearest integer).
# see https://pkg.go.dev/runtime
# see https://www.riverphillips.dev/blog/go-cfs/
# see https://github.com/golang/go/issues/33803
# see https://github.com/traefik/traefik-helm-chart/pull/1029
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
# see https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
# see https://github.com/kubernetes/kubernetes/blob/v1.31.4/test/e2e/common/node/downwardapi.go
- name: EXAMPLE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: EXAMPLE_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EXAMPLE_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: EXAMPLE_POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: EXAMPLE_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
ports:
- name: web
containerPort: 9000
resources:
requests:
memory: 20Mi
cpu: '0.1'
limits:
memory: 20Mi
cpu: '0.1'
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault