API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 17th, 2019
78
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
YAML 3.22 KB | None | 0 0
raw download clone embed print report
  1. ---
  2. kind: PodSecurityPolicy
  3. metadata:
  4.   annotations: {}
  5.   labels:
  6.     name: metallb-psp
  7.   name: metallb-psp
  8. spec:
  9.   allowPrivilegeEscalation: false
  10.   allowedCapabilities:
  11.    - net_raw
  12.   fsGroup:
  13.     ranges:
  14.       - max: 65535
  15.         min: 1
  16.     rule: MustRunAs
  17.   hostIPC: false
  18.   hostNetwork: true
  19.   hostPID: false
  20.   hostPorts:
  21.     - max: 7472
  22.       min: 7472
  23.   privileged: false
  24.   readOnlyRootFilesystem: false
  25.   requiredDropCapabilities:
  26.    - ALL
  27.   runAsGroup:
  28.     rule: MustRunAsNonRoot
  29.   runAsUser:
  30.     rule: MustRunAsNonRoot
  31.   seLinux:
  32.     rule: RunAsAny
  33.   supplementalGroups:
  34.     ranges:
  35.       - max: 65535
  36.         min: 1
  37.     rule: MustRunAs
  38.   volumes:
  39.    - configMap
  40.     - secret
  41. ---
  42. apiVersion: rbac.authorization.k8s.io/v1beta1
  43. kind: ClusterRole
  44. metadata:
  45.   annotations: {}
  46.   labels:
  47.     app: metallb
  48.     name: metallb-system-speaker
  49.   name: metallb-system:speaker
  50. rules:
  51.   - apiGroups:
  52.      - ""
  53.     resources:
  54.      - services
  55.       - endpoints
  56.       - nodes
  57.     verbs:
  58.      - get
  59.       - list
  60.       - watch
  61.   - apiGroups:
  62.      - extensions
  63.     resourceNames:
  64.      - metallb-psp
  65.     resources:
  66.      - podsecuritypolicies
  67.     verbs:
  68.      - use
  69. ---
  70. apiVersion: v1
  71. kind: ServiceAccount
  72. metadata:
  73.   annotations: {}
  74.   labels:
  75.     app: metallb
  76.     name: metallb-speaker
  77.   name: metallb-speaker
  78.   namespace: metallb-system
  79. ---
  80. apiVersion: rbac.authorization.k8s.io/v1beta1
  81. kind: ClusterRoleBinding
  82. metadata:
  83.   annotations: {}
  84.   labels:
  85.     app: metallb
  86.     name: metallb-system-speaker
  87.   name: metallb-system:speaker
  88. roleRef:
  89.   apiGroup: rbac.authorization.k8s.io
  90.   kind: ClusterRole
  91.   name: metallb-system:speaker
  92. subjects:
  93.   - kind: ServiceAccount
  94.     name: metallb-speaker
  95.     namespace: metallb-system
  96. ---
  97. apiVersion: apps/v1beta2
  98. kind: DaemonSet
  99. metadata:
  100.   annotations: {}
  101.   labels:
  102.     component: speaker
  103.   name: speaker
  104.   namespace: metallb-system
  105. spec:
  106.   selector:
  107.     matchLabels:
  108.       app: metallb
  109.       component: speaker
  110.   template:
  111.     metadata:
  112.       annotations: {}
  113.       labels:
  114.         app: metallb
  115.         component: speaker
  116.       namespace: metallb-system
  117.     spec:
  118.       containers:
  119.         - args:
  120.            - --port=7472
  121.             - --config=config
  122.           env:
  123.             - name: METALLB_NODE_NAME
  124.               valueFrom:
  125.                 fieldRef:
  126.                   apiVersion: v1
  127.                   fieldPath: spec.nodeName
  128.           image: metallb/speaker:v0.7.3
  129.           imagePullPolicy: IfNotPresent
  130.           name: speaker
  131.           ports:
  132.             - containerPort: 7472
  133.               name: monitoring
  134.           resources:
  135.             limits:
  136.               cpu: 100m
  137.               memory: 100Mi
  138.           securityContext:
  139.             capabilities:
  140.               add:
  141.                - net_raw
  142.             readOnlyRootFilesystem: true
  143.             runAsUser: 1000
  144.           stdin: false
  145.           tty: false
  146.           volumeMounts: []
  147.       hostNetwork: true
  148.       imagePullSecrets: []
  149.       initContainers: []
  150.       serviceAccountName: metallb-speaker
  151.       terminationGracePeriodSeconds: 0
  152.       volumes: []
  153.   updateStrategy:
  154.     rollingUpdate:
  155.       maxUnavailable: 1
  156.     type: RollingUpdate
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!