Created
April 5, 2019 20:19
-
-
Save mattalberts/20f6bfbe1acd771f502adef580328db8 to your computer and use it in GitHub Desktop.
Example Argo Tunnel Sidecare
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
``` | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: echo | |
name: echo | |
spec: | |
ports: | |
- name: http | |
port: 80 | |
protocol: TCP | |
targetPort: 8080 | |
selector: | |
app: echo | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
labels: | |
app: echo | |
name: echo | |
spec: | |
replicas: 2 | |
selector: | |
matchLabels: | |
app: echo | |
template: | |
metadata: | |
labels: | |
app: echo | |
spec: | |
containers: | |
- name: echo | |
image: k8s.gcr.io/echoserver:1.10 | |
imagePullPolicy: Always | |
env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: POD_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
ports: | |
- containerPort: 8080 | |
resources: | |
limits: | |
cpu: 20m | |
memory: 40Mi | |
requests: | |
cpu: 20m | |
memory: 40Mi | |
- name: tunnel | |
image: docker.io/mattalberts/cloudflared-linux-amd64:2018.11.0 | |
imagePullPolicy: Always | |
command: ["cloudflared", "tunnel"] | |
args: | |
- --url=http://127.0.0.1:8080 | |
- --hostname=echo.mattalberts.pink | |
- --lb-pool=echo | |
- --loglevel=debug | |
- --origincert=/etc/cloudflared/cert.pem | |
- --proto-loglevel=warn | |
- --no-autoupdate | |
- --retries=8 | |
- --tag=app=echo,src=k8s,name=$(POD_NAME),namespace=$(POD_NAMESPACE),host=echo.mattalberts.pink | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
resources: | |
limits: | |
cpu: 10m | |
memory: 20Mi | |
requests: | |
cpu: 10m | |
memory: 20Mi | |
volumeMounts: | |
- mountPath: /etc/cloudflared | |
name: tunnel-secret | |
readOnly: true | |
terminationGracePeriodSeconds: 60 | |
volumes: | |
- name: tunnel-secret | |
secret: | |
secretName: mattalberts.pink | |
--- | |
``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Also ... just to note (based on questions related to overhead per-pod), think of side-car as a generic tool, rather than restricted to adding a side-car per origin pod instance ... for example, you could side-car your ingress-controller or any other load-balancer/proxy if you wanted to reduce the number of side-cars