Skip to content

Instantly share code, notes, and snippets.

@Flydiverny
Created February 11, 2019 20:26
Show Gist options
  • Save Flydiverny/4fab71a80f213c3fcf4d82135ed8df76 to your computer and use it in GitHub Desktop.
Save Flydiverny/4fab71a80f213c3fcf4d82135ed8df76 to your computer and use it in GitHub Desktop.
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
labels:
app: kiam
chart: kiam-2.1.0
component: "server"
heritage: Tiller
release: release-name
name: release-name-kiam-server
spec:
selector:
matchLabels:
app: kiam
component: "server"
release: release-name
template:
metadata:
labels:
app: kiam
component: "server"
release: release-name
spec:
serviceAccountName: release-name-kiam-server
hostNetwork: true
tolerations:
[]
volumes:
- name: tls
secret:
secretName: kiam-server-tls
- name: ssl-certs
hostPath:
path: /etc/pki/ca-trust/extracted/pem
containers:
- name: kiam-server
image: "quay.io/uswitch/kiam:v3.0"
imagePullPolicy: IfNotPresent
command:
- /kiam
- server
args:
- --json-log
- --level=info
- --bind=0.0.0.0:443
- --cert=/etc/kiam/tls/cert
- --key=/etc/kiam/tls/key
- --ca=/etc/kiam/tls/ca
- --role-base-arn-autodetect
- --session-duration=15m
- --sync=1m
- --prometheus-listen-addr=0.0.0.0:9620
- --prometheus-sync-interval=5s
volumeMounts:
- mountPath: /etc/kiam/tls
name: tls
- name: ssl-certs
mountPath: /etc/ssl/certs
readOnly: true
livenessProbe:
exec:
command:
- /kiam
- health
- --cert=/etc/kiam/tls/cert
- --key=/etc/kiam/tls/key
- --ca=/etc/kiam/tls/ca
- --server-address=127.0.0.1:443
- --server-address-refresh=2s
- --timeout=5s
- --gateway-timeout-creation=50ms
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 10
readinessProbe:
exec:
command:
- /kiam
- health
- --cert=/etc/kiam/tls/cert
- --key=/etc/kiam/tls/key
- --ca=/etc/kiam/tls/ca
- --server-address=127.0.0.1:443
- --server-address-refresh=2s
- --timeout=5s
- --gateway-timeout-creation=50ms
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 10
updateStrategy:
type: OnDelete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment