| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: multus-validation-test-image-pull-{{ .NodeType }}
- labels:
- app: multus-validation-test-image-pull
- nodeType: "{{ .NodeType }}"
- app.kubernetes.io/name: "image-puller"
- app.kubernetes.io/instance: "image-puller-{{ .NodeType }}"
- app.kubernetes.io/component: "image-puller"
- app.kubernetes.io/part-of: "multus-validation-test"
- app.kubernetes.io/managed-by: "rook-cli"
- spec:
- selector:
- matchLabels:
- app: multus-validation-test-image-pull
- nodeType: "{{ .NodeType }}"
- template:
- metadata:
- labels:
- app: multus-validation-test-image-pull
- nodeType: "{{ .NodeType }}"
- spec:
- nodeSelector:
- {{- range $k, $v := .Placement.NodeSelector }}
- {{ $k }}: {{ $v }}
- {{- end }}
- tolerations:
- {{- range $idx, $toleration := .Placement.Tolerations }}
- - {{ $toleration.ToJSON }}
- {{- end }}
- securityContext:
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- containers:
- - name: sleep
- # use nginx image because it's already used for the web server pod and has a non-root user
- image: "{{ .NginxImage }}"
- command:
- - sleep
- - infinity
- resources: {}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - "ALL"
- readOnlyRootFilesystem: true
|
