Last active
November 15, 2023 04:04
-
-
Save randomk/4b7548465c1f6bce8ce8e40e2920303d to your computer and use it in GitHub Desktop.
Revolutionizing Java: How Kubernetes 1.27 and Kyverno Supercharge Java App Startups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: kyverno:update-pods | |
labels: | |
app.kubernetes.io/component: background-controller | |
app.kubernetes.io/instance: kyverno | |
app.kubernetes.io/part-of: kyverno | |
rules: | |
- verbs: | |
- patch | |
- update | |
apiGroups: | |
- '' | |
resources: | |
- pods |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Example of specifying timeZone in CronJobSpec | |
apiVersion: batch/v1 | |
kind: CronJob | |
metadata: | |
name: timezone-specified-job | |
spec: | |
schedule: "0 0 * * *" | |
timeZone: "America/New_York" | |
jobTemplate: | |
spec: | |
template: | |
spec: | |
containers: | |
- name: example-job | |
image: job-image | |
restartPolicy: OnFailure |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Example of accessing the CVE feed | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: cve-feed-check | |
spec: | |
containers: | |
- name: cve-feed | |
image: cve-feed-image | |
command: ["sh", "-c", "curl https://kubernetes.io/cve-feed"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: sample-java | |
namespace: demo | |
labels: | |
app: sample-java | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app: sample-java | |
template: | |
metadata: | |
labels: | |
app: sample-java | |
spec: | |
containers: | |
- name: sample-java | |
image: kotlin-spring | |
ports: | |
- containerPort: 8080 | |
resources: | |
limits: | |
cpu: 4 | |
memory: "2Gi" | |
requests: | |
cpu: 0.1 | |
memory: "512Mi" | |
resizePolicy: | |
- resourceName: "cpu" | |
restartPolicy: "NotRequired" | |
readinessProbe: | |
httpGet: | |
path: /actuator/health/readiness | |
port: 8080 | |
scheme: HTTP | |
initialDelaySeconds: 15 | |
periodSeconds: 5 | |
successThreshold: 1 | |
failureThreshold: 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Example of using gRPC in readiness probes | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: grpc-readiness-example | |
spec: | |
containers: | |
- name: grpc-container | |
image: grpc-image | |
readinessProbe: | |
grpc: | |
port: 9090 | |
service: my-service | |
initialDelaySeconds: 5 | |
periodSeconds: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Example command to fetch logs from a node | |
kubectl get --raw "/api/v1/nodes/node-1.example/proxy/logs/?query=kubelet" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: kyverno.io/v1 | |
kind: ClusterPolicy | |
metadata: | |
name: resize-pod-policy | |
spec: | |
mutateExistingOnPolicyUpdate: false | |
rules: | |
- name: resize-pod-policy | |
match: | |
any: | |
- resources: | |
kinds: | |
- Pod/status | |
- Pod | |
preconditions: | |
all: | |
- key: "{{request.object.status.containerStatuses[0].ready}}" | |
operator: Equals | |
value: true | |
mutate: | |
targets: | |
- apiVersion: v1 | |
kind: Pod | |
name: "{{request.object.metadata.name}}" | |
patchStrategicMerge: | |
spec: | |
containers: | |
- (name): sample-java | |
resources: | |
limits: | |
cpu: 0.5 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Example of setting terminationGracePeriodSeconds in a probe | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: graceful-shutdown-example | |
spec: | |
containers: | |
- name: example-container | |
image: example-image | |
livenessProbe: | |
httpGet: | |
path: /health | |
port: liveness | |
failureThreshold: 1 | |
periodSeconds: 60 | |
terminationGracePeriodSeconds: 60 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment