example.deployment.yaml
# Example Deployment for a single-replica PowerDNS authoritative server
# (gpgsql backend) that publishes DNS on the node's port 53 and serves the
# PowerDNS webserver/API on container port 8081.
apiVersion: apps/v1
kind: Deployment
metadata:
  # Left empty in this example; presumably filled in by an overlay - confirm.
  labels: {}
  name: powerdns-auth
spec:
  replicas: 1
  strategy:
    # Recreate stops the old pod before starting the new one. With hostPort 53
    # below, two pods of this Deployment cannot share a node.
    type: Recreate
  selector:
    # NOTE(review): the selector and the template labels below are both empty.
    # They must be set to matching, non-empty values before this manifest is
    # applied; apps/v1 is expected to reject an empty Deployment selector.
    matchLabels: {}
  template:
    metadata:
      labels: {}
    spec:
      # NOTE(review): automountServiceAccountToken is not set, so the cluster
      # default applies. If nothing in the image calls the Kubernetes API,
      # setting it to false removes the token from the pod.
      containers:
        - name: powerdns-auth
          # The image is referenced by tag only. With IfNotPresent a node that
          # already cached this tag never re-pulls it. Pinning by digest
          # (image@sha256:<digest>, placeholder) makes the deployed content
          # verifiable.
          image: ghcr.io/crystalnet-org/powerdns-auth:5.0.1-8
          imagePullPolicy: IfNotPresent
          env:
            # Same uid/gid as runAsUser/runAsGroup in the pod securityContext.
            - name: PDNS_SETUID
              value: "1001"
            - name: PDNS_SETGID
              value: "1001"
            - name: PDNS_API
              value: "yes"
            # The API key is read from a Secret, not stored in this manifest.
            - name: PDNS_API_KEY
              valueFrom:
                secretKeyRef:
                  key: POWERDNS_API_KEY
                  name: powerdns-secret
            - name: PDNS_LAUNCH
              value: "gpgsql"
            - name: PDNS_WEBSERVER
              value: "yes"
            - name: PDNS_WEBSERVER_PORT
              value: "8081"
            - name: PDNS_WEBSERVER_ADDRESS
              value: "0.0.0.0"
            # NOTE(review): 0.0.0.0/0 puts no source restriction on the
            # webserver/API (presumably this maps to webserver-allow-from -
            # confirm against the image). Anything that can route to port 8081
            # then has only the API key in front of zone management. Narrow the
            # CIDR or add a NetworkPolicy, and keep the kubelet's source
            # address allowed, because the startup and liveness probes below
            # use this listener.
            - name: PDNS_WEBSERVER_ALLOW_FROM
              value: "0.0.0.0/0"
            - name: PDNS_LOGLEVEL
              value: "3"
            # Zone transfers stay enabled but are limited to loopback.
            - name: PDNS_ALLOW_AXFR_IPS
              value: "127.0.0.1"
            - name: PDNS_DISABLE_AXFR
              value: "no"
            # PostgreSQL connection settings and credentials all come from the
            # powerdns-psql-pguser-powerdns Secret.
            - name: PDNS_GPGSQL_HOST
              valueFrom:
                secretKeyRef:
                  name: powerdns-psql-pguser-powerdns
                  key: host
            - name: PDNS_GPGSQL_PORT
              valueFrom:
                secretKeyRef:
                  name: powerdns-psql-pguser-powerdns
                  key: port
            - name: PDNS_GPGSQL_DBNAME
              valueFrom:
                secretKeyRef:
                  name: powerdns-psql-pguser-powerdns
                  key: dbname
            - name: PDNS_GPGSQL_USER
              valueFrom:
                secretKeyRef:
                  name: powerdns-psql-pguser-powerdns
                  key: user
            - name: PDNS_GPGSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: powerdns-psql-pguser-powerdns
                  key: password
            - name: PDNS_GPGSQL_DNSSEC
              value: "yes"
          # Startup and liveness probes are plain-HTTP GETs of "/" on the api
          # port (8081). The startup probe allows 20 failures at 10 s intervals.
          startupProbe:
            httpGet:
              path: /
              port: api
              scheme: HTTP
            failureThreshold: 20
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: api
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # Readiness is decided by a script shipped in the image; its checks
          # are not visible in this manifest.
          readinessProbe:
            exec:
              command:
                - /container/check_readyness.sh
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 5
          ports:
            # hostPort publishes DNS on port 53 (UDP and TCP) of the node that
            # runs the pod. The container side is the unprivileged port 10353,
            # which is consistent with dropping every capability below.
            - containerPort: 10353
              name: dns-udp
              hostPort: 53
              protocol: UDP
            - containerPort: 10353
              name: dns-tcp
              hostPort: 53
              protocol: TCP
            # No hostPort here: the webserver/API is reachable through the pod
            # network only, plus any Service defined elsewhere.
            - containerPort: 8081
              name: api
              protocol: TCP
          # Container hardening: no privilege escalation, read-only root
          # filesystem, all Linux capabilities dropped.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # NOTE(review): no requests or limits are set. For an internet-facing
          # DNS server a CPU/memory limit bounds what a query flood can take
          # from the node.
          resources: {}
          # /tmp is the only writable path visible here, given the read-only
          # root filesystem.
          volumeMounts:
            - name: tmp
              mountPath: /tmp
      # Pod-level identity: non-root uid/gid 1001 and the runtime's default
      # seccomp profile.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
        seccompProfile:
          type: RuntimeDefault
      volumes:
        # Memory-backed (tmpfs) scratch volume. No sizeLimit is set and the
        # container has no memory limit, so writes to /tmp are bounded only by
        # node memory; consider adding a sizeLimit.
        - name: tmp
          emptyDir:
            medium: Memory