randomvariable/goldpinger.yaml

## goldpinger.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: goldpinger-serviceaccount
  namespace: default
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: goldpinger
  namespace: default
  labels:
    app: goldpinger
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: goldpinger
  template:
    metadata:
      labels:
        app: goldpinger
    spec:
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
      - key: CriticalAddonsOnly
        operator: Exists
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
      - effect: NoSchedule
        key: node.kubernetes.io/disk-pressure
        operator: Exists
      - effect: NoSchedule
        key: node.kubernetes.io/memory-pressure
        operator: Exists
      - effect: NoSchedule
        key: node.kubernetes.io/pid-pressure
        operator: Exists
      - effect: NoSchedule
        key: node.kubernetes.io/unschedulable
        operator: Exists
      - effect: NoSchedule
        key: node.kubernetes.io/network-unavailable
        operator: Exists
      serviceAccount: "goldpinger-serviceaccount"
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 2000
      containers:
        - name: goldpinger
          env:
            - name: HOST
              value: "0.0.0.0"
            - name: PORT
              value: "8080"
            # injecting real hostname will make for easier to understand graphs/metrics
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # podIP is used to select a randomized subset of nodes to ping.
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          image: "docker.io/bloomberg/goldpinger:v3.0.0"
          imagePullPolicy: Always
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          resources:
            limits:
              memory: 80Mi
            requests:
              cpu: 1m
              memory: 40Mi
          ports:
            - containerPort: 8080
              name: http
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 20
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 20
            periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: goldpinger
  namespace: default
  labels:
    app: goldpinger
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30080
      name: http
  selector:
    app: goldpinger
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: goldpinger-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: goldpinger-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: goldpinger-clusterrole
subjects:
  - kind: ServiceAccount
    name: goldpinger-serviceaccount
    namespace: default
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: goldpinger-serviceaccount
	namespace: default
	---
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: goldpinger
	namespace: default
	labels:
	app: goldpinger
	spec:
	updateStrategy:
	type: RollingUpdate
	selector:
	matchLabels:
	app: goldpinger
	template:
	metadata:
	labels:
	app: goldpinger
	spec:
	tolerations:
	- effect: NoSchedule
	operator: Exists
	- effect: NoExecute
	operator: Exists
	- key: CriticalAddonsOnly
	operator: Exists
	- effect: NoExecute
	key: node.kubernetes.io/not-ready
	operator: Exists
	- effect: NoExecute
	key: node.kubernetes.io/unreachable
	operator: Exists
	- effect: NoSchedule
	key: node.kubernetes.io/disk-pressure
	operator: Exists
	- effect: NoSchedule
	key: node.kubernetes.io/memory-pressure
	operator: Exists
	- effect: NoSchedule
	key: node.kubernetes.io/pid-pressure
	operator: Exists
	- effect: NoSchedule
	key: node.kubernetes.io/unschedulable
	operator: Exists
	- effect: NoSchedule
	key: node.kubernetes.io/network-unavailable
	operator: Exists
	serviceAccount: "goldpinger-serviceaccount"
	securityContext:
	runAsNonRoot: true
	runAsUser: 1000
	fsGroup: 2000
	containers:
	- name: goldpinger
	env:
	- name: HOST
	value: "0.0.0.0"
	- name: PORT
	value: "8080"
	# injecting real hostname will make for easier to understand graphs/metrics
	- name: HOSTNAME
	valueFrom:
	fieldRef:
	fieldPath: spec.nodeName
	# podIP is used to select a randomized subset of nodes to ping.
	- name: POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	image: "docker.io/bloomberg/goldpinger:v3.0.0"
	imagePullPolicy: Always
	securityContext:
	allowPrivilegeEscalation: false
	readOnlyRootFilesystem: true
	resources:
	limits:
	memory: 80Mi
	requests:
	cpu: 1m
	memory: 40Mi
	ports:
	- containerPort: 8080
	name: http
	readinessProbe:
	httpGet:
	path: /healthz
	port: 8080
	initialDelaySeconds: 20
	periodSeconds: 5
	livenessProbe:
	httpGet:
	path: /healthz
	port: 8080
	initialDelaySeconds: 20
	periodSeconds: 5
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: goldpinger
	namespace: default
	labels:
	app: goldpinger
	spec:
	type: NodePort
	ports:
	- port: 8080
	nodePort: 30080
	name: http
	selector:
	app: goldpinger
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: goldpinger-clusterrole
	rules:
	- apiGroups:
	- ""
	resources:
	- pods
	verbs:
	- list

	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: goldpinger-clusterrolebinding
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: goldpinger-clusterrole
	subjects:
	- kind: ServiceAccount
	name: goldpinger-serviceaccount
	namespace: default