plugins-adapter/ext-proc.yaml at main · kagenti/plugins-adapter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
apiVersion: v1
kind: Service
metadata:
  name: plugins-adapter-service
  namespace: istio-system
spec:
  selector:
    app: plugins-adapter
  ports:
    - name: grpc
      protocol: TCP
      port: 50052
      targetPort: 50052
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: plugins-adapter
  namespace: istio-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: plugins-adapter
  template:
    metadata:
      labels:
        app: plugins-adapter
    spec:
      # Allow 35s for graceful shutdown: 5s preStop + 15s gRPC drain + margin
      terminationGracePeriodSeconds: 35
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: plugins-adapter
          image: plugins-adapter:0.1.0
          # command: ["bash", "-c","--"]
          # args: ["while true; do sleep 3600; done"]
          # imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: false
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: PLUGINS_SERVER_HOST
              value: "0.0.0.0"
            - name: LOGLEVEL
              value: "DEBUG"
            - name: PLUGINS_ENABLED
              value: "true"
            # Note: The Dockerfile currently moves resources under ./src/resources
            - name: PLUGIN_CONFIG_FILE
              value: "./src/resources/config/config.yaml"
            - name: PLUGIN_MANAGER_CONFIG
              value: "./src/resources/config/config.yaml"
            - name: PYTHONPATH
              value: "./"
          ports:
            - containerPort: 50052
          lifecycle:
            preStop:
              exec:
                # Delay SIGTERM so Envoy/Istio can remove this pod from
                # its upstream list before we start draining streams.
                command: ["/bin/sleep", "5"]
          # gRPC health probes rely on the grpc-health-checking service
          # registered in serve()
          readinessProbe:
            grpc:
              port: 50052
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 3
          livenessProbe:
            grpc:
              port: 50052
            initialDelaySeconds: 10
            periodSeconds: 30
            failureThreshold: 3