1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: v1
16kind: ServiceAccount
17metadata:
18 name: unmanaged-detector
19---
20apiVersion: apps/v1
21kind: StatefulSet
22metadata:
23 name: unmanaged-detector
24 labels:
25 cnrm.cloud.google.com/component: cnrm-unmanaged-detector
26spec:
27 selector:
28 matchLabels:
29 cnrm.cloud.google.com/component: cnrm-unmanaged-detector
30 serviceName: unmanaged-detector
31 template:
32 metadata:
33 labels:
34 cnrm.cloud.google.com/component: cnrm-unmanaged-detector
35 spec:
36 serviceAccountName: unmanaged-detector
37 containers:
38 - command:
39 - /configconnector/unmanageddetector
40 image: unmanageddetector:latest
41 imagePullPolicy: Always
42 name: unmanageddetector
43 ports:
44 # Port used for readiness probe
45 - containerPort: 23232
46 resources:
47 limits:
48 memory: 1Gi
49 requests:
50 # This value was tuned to run on a GKE cluster with
51 # default node settings. Increasing this value may
52 # result in a backwards-incompatible change that breaks
53 # add-on updates by not allowing new versions to schedule themselves.
54 cpu: 250m
55 memory: 512Mi
56 securityContext:
57 privileged: false
58 runAsUser: 1000
59 runAsNonRoot: true
60 allowPrivilegeEscalation: false
61 readinessProbe:
62 httpGet:
63 path: /ready
64 port: 23232
65 initialDelaySeconds: 7
66 periodSeconds: 3
67 enableServiceLinks: false
68 terminationGracePeriodSeconds: 10
View as plain text