imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Disable the fsGroup security context because it causes our container to time out for 20 minutes as k8s chown's all of the files in the volume. This isn't necessary except first start.
2020-05-07, Gary Kramlich
40090e27f8de
Disable the fsGroup security context because it causes our container to time out for 20 minutes as k8s chown's all of the files in the volume. This isn't necessary except first start.
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressroutes.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRoute
plural
:
ingressroutes
singular
:
ingressroute
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressroutetcps.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRouteTCP
plural
:
ingressroutetcps
singular
:
ingressroutetcp
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
middlewares.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
Middleware
plural
:
middlewares
singular
:
middleware
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
tlsoptions.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TLSOption
plural
:
tlsoptions
singular
:
tlsoption
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
traefikservices.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TraefikService
plural
:
traefikservices
singular
:
traefikservice
scope
:
Namespaced
---
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
traefik-service-account
namespace
:
kube-public
labels
:
app
:
traefik
role
:
controller
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
traefik-cluster-role
labels
:
app
:
traefik
role
:
controller
rules
:
-
apiGroups
:
-
""
resources
:
-
pods
-
services
-
endpoints
-
secrets
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
extensions
resources
:
-
ingresses
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
networking.k8s.io
resources
:
-
ingresses
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
extensions
resources
:
-
ingresses/status
verbs
:
-
update
-
apiGroups
:
-
traefik.containo.us
resources
:
-
ingressroutes
-
ingressroutetcps
-
middlewares
-
tlsoptions
-
traefikservices
verbs
:
-
get
-
list
-
watch
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRoleBinding
metadata
:
name
:
traefik-cluster-role-binding
labels
:
app
:
traefik
role
:
controller
roleRef
:
apiGroup
:
rbac.authorization.k8s.io
kind
:
ClusterRole
name
:
traefik-cluster-role
subjects
:
-
kind
:
ServiceAccount
name
:
traefik-service-account
namespace
:
kube-public
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
TLSOption
metadata
:
name
:
default
namespace
:
kube-public
spec
:
minVersion
:
VersionTLS12
maxVersion
:
VersionTLS13
cipherSuites
:
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
sniStrict
:
true
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
traefik
namespace
:
kube-public
labels
:
app
:
traefik
role
:
controller
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
traefik
role
:
controller
template
:
metadata
:
labels
:
app
:
traefik
role
:
controller
spec
:
affinity
:
podAntiAffinity
:
preferredDuringSchedulingIgnoredDuringExecution
:
-
podAffinityTerm
:
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
traefik
-
key
:
role
operator
:
In
values
:
-
controller
topologyKey
:
failure-domain.beta.kubernetes.io/region
weight
:
100
serviceAccountName
:
traefik-service-account
containers
:
-
name
:
traefik-ingress-controller
image
:
docker.io/traefik:v2.1.9
args
:
-
"--global.checknewversion=false"
-
"--global.sendanonymoususage=false"
-
"--api.dashboard=true"
-
"--api.insecure=true"
-
"--ping=true"
-
"--providers.kubernetescrd=true"
-
"--providers.kubernetesingress=true"
-
"--metrics.prometheus=true"
-
"--log.level=error"
-
"--entryPoints.traefik.address=:9000"
-
"--entryPoints.https.address=:8443"
-
"--entryPoints.http.address=:8080"
-
"--entryPoints.keep-ssh.address=:22222"
-
"--entryPoints.xmpp-c2s.address=:5222"
-
"--entryPoints.xmpp-s2s.address=:5269"
readinessProbe
:
httpGet
:
path
:
/ping
port
:
9000
failureThreshold
:
1
initialDelaySeconds
:
10
periodSeconds
:
10
successThreshold
:
1
timeoutSeconds
:
2
livenessProbe
:
httpGet
:
path
:
/ping
port
:
9000
failureThreshold
:
3
initialDelaySeconds
:
10
periodSeconds
:
10
successThreshold
:
1
timeoutSeconds
:
2
ports
:
-
name
:
traefik
containerPort
:
9000
-
name
:
keep-ssh
containerPort
:
22222
-
name
:
http
containerPort
:
8080
-
name
:
https
containerPort
:
8443
-
name
:
xmpp-c2s
containerPort
:
5222
-
name
:
xmpp-s2s
containerPort
:
5269
resources
:
limits
:
cpu
:
300m
memory
:
150Mi
requests
:
cpu
:
100m
memory
:
50Mi
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
ingress
namespace
:
kube-public
labels
:
app
:
ingress
role
:
controller
spec
:
selector
:
app
:
traefik
role
:
controller
type
:
LoadBalancer
externalTrafficPolicy
:
Cluster
ports
:
-
name
:
hgkeeper
port
:
22
targetPort
:
keep-ssh
-
name
:
http
port
:
80
targetPort
:
http
-
name
:
https
port
:
443
targetPort
:
https
-
name
:
xmpp-c2s
port
:
5222
targetPort
:
xmpp-c2s
-
name
:
xmpp-s2s
port
:
5269
targetPort
:
xmpp-s2s
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
kube-public
name
:
traefik
labels
:
app
:
traefik
role
:
controller
spec
:
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
monitoring
podSelector
:
matchLabels
:
app
:
prometheus
prometheus
:
k8s
ports
:
-
port
:
traefik
protocol
:
TCP
---
apiVersion
:
monitoring.coreos.com/v1
kind
:
ServiceMonitor
metadata
:
namespace
:
kube-public
name
:
traefik
labels
:
app
:
traefik
role
:
controller
spec
:
selector
:
matchLabels
:
app
:
traefik
role
:
controller
endpoints
:
-
port
:
traefik
interval
:
15s
---
