KHIYANI, RAHUL (rk0850) 98dbc6dfef Add security context template to prometheus-blackbox-exporter
This change adds security context template at pod level to implement
runAsUser flag

This change adds security context template at container level to implement
readOnly-fs flag

Change-Id: Icbea3487c058d88188061d0d5a77458dce910884
2020-08-26 00:02:06 +00:00

70 lines
3.3 KiB
YAML

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus-blackbox-exporter
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "prometheus-blackbox-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 2 }}
spec:
replicas: {{ .Values.pod.replicas.prometheus_blackbox_exporter }}
selector:
matchLabels:
{{ tuple $envAll "prometheus-blackbox-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "prometheus-blackbox-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ dict "envAll" $envAll "podName" "prometheus-blackbox-exporter" "containerNames" (list "blackbox-exporter") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "prometheus_blackbox_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.blackbox_exporter.node_selector_key }}: {{ .Values.labels.blackbox_exporter.node_selector_value | quote }}
containers:
- name: blackbox-exporter
{{ tuple $envAll "prometheus_blackbox_exporter" | include "helm-toolkit.snippets.image" | indent 8 }}
{{ tuple $envAll $envAll.Values.pod.resources.prometheus_blackbox_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
{{ dict "envAll" $envAll "application" "prometheus_blackbox_exporter" "container" "blackbox_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
args:
- "--config.file=/config/blackbox.yaml"
ports:
- name: metrics
containerPort: {{ tuple "prometheus_blackbox_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
livenessProbe:
httpGet:
path: /health
port: {{ tuple "prometheus_blackbox_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: {{ tuple "prometheus_blackbox_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 20
periodSeconds: 30
volumeMounts:
- mountPath: /config/blackbox.yaml
name: config
subPath: blackbox.yaml
volumes:
- name: config
secret:
secretName: prometheus-blackbox-exporter-etc