...
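# This pod fixture is used for benchmarks and should be kept updated to pass
# the latest baseline policy.
# NOTE(review): "baseline" presumably means the Pod Security Standards baseline
# level; confirm against the benchmark that loads this file.
apiVersion: v1
kind: Pod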
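metadata:
  annotations:
    # Legacy alpha annotation marking the pod as critical. The spec of this pod
    # also sets priorityClassName: system-cluster-critical.
    scheduler.alpha.kubernetes.io/critical-pod: ""
    # Legacy alpha annotation form of the pod seccomp profile. The pod-level
    # securityContext in spec also sets seccompProfile.type: RuntimeDefault, so
    # the annotation and the field agree in this fixture.
    seccomp.security.alpha.kubernetes.io/pod: runtime/default
  creationTimestamp: "2021-08-20T14:35:04Z"
  generateName: kube-dns-76dbc85bd5-
  labels:
    k8s-app: kube-dns
    pod-template-hash: 76dbc85bd5
  # managedFields is field-ownership bookkeeping captured together with the object.
  # NOTE(review): it does not match spec exactly. It lists f:runAsUser for kubedns
  # and no f:seccompProfile at pod level, while spec has no runAsUser and does set
  # seccompProfile, so spec appears to have been edited after capture. The f:image
  # entries hold the image placeholder instead of an empty map, presumably a side
  # effect of sanitising image names.
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:scheduler.alpha.kubernetes.io/critical-pod: {}
          f:seccomp.security.alpha.kubernetes.io/pod: {}
        f:generateName: {}
        f:labels:
          .: {}
          f:k8s-app: {}
          f:pod-template-hash: {}
        f:ownerReferences:
          .: {}
          k:{"uid":"901a2f14-52d5-468b-af25-6587b60f2887"}:
            .: {}
            f:apiVersion: {}
            f:blockOwnerDeletion: {}
            f:controller: {}
            f:kind: {}
            f:name: {}
            f:uid: {}
      f:spec:
        f:affinity:
          .: {}
          f:podAntiAffinity:
            .: {}
            f:preferredDuringSchedulingIgnoredDuringExecution: {}
        f:containers:
          k:{"name":"dnsmasq"}:
            .: {}
            f:args: {}
            f:image: image-name:tag-name
            f:imagePullPolicy: {}
            f:livenessProbe:
              .: {}
              f:failureThreshold: {}
              f:httpGet:
                .: {}
                f:path: {}
                f:port: {}
                f:scheme: {}
              f:initialDelaySeconds: {}
              f:periodSeconds: {}
              f:successThreshold: {}
              f:timeoutSeconds: {}
            f:name: {}
            f:ports:
              .: {}
              k:{"containerPort":53,"protocol":"TCP"}:
                .: {}
                f:containerPort: {}
                f:name: {}
                f:protocol: {}
              k:{"containerPort":53,"protocol":"UDP"}:
                .: {}
                f:containerPort: {}
                f:name: {}
                f:protocol: {}
            f:resources:
              .: {}
              f:requests:
                .: {}
                f:cpu: {}
                f:memory: {}
            f:securityContext:
              .: {}
              f:capabilities:
                .: {}
                f:add: {}
                f:drop: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
            f:volumeMounts:
              .: {}
              k:{"mountPath":"/etc/k8s/dns/dnsmasq-nanny"}:
                .: {}
                f:mountPath: {}
                f:name: {}
          k:{"name":"kubedns"}:
            .: {}
            f:args: {}
            f:env:
              .: {}
              k:{"name":"PROMETHEUS_PORT"}:
                .: {}
                f:name: {}
                f:value: {}
            f:image: image-name:tag-name
            f:imagePullPolicy: {}
            f:livenessProbe:
              .: {}
              f:failureThreshold: {}
              f:httpGet:
                .: {}
                f:path: {}
                f:port: {}
                f:scheme: {}
              f:initialDelaySeconds: {}
              f:periodSeconds: {}
              f:successThreshold: {}
              f:timeoutSeconds: {}
            f:name: {}
            f:ports:
              .: {}
              k:{"containerPort":10053,"protocol":"TCP"}:
                .: {}
                f:containerPort: {}
                f:name: {}
                f:protocol: {}
              k:{"containerPort":10053,"protocol":"UDP"}:
                .: {}
                f:containerPort: {}
                f:name: {}
                f:protocol: {}
              k:{"containerPort":10055,"protocol":"TCP"}:
                .: {}
                f:containerPort: {}
                f:name: {}
                f:protocol: {}
            f:readinessProbe:
              .: {}
              f:failureThreshold: {}
              f:httpGet:
                .: {}
                f:path: {}
                f:port: {}
                f:scheme: {}
              f:initialDelaySeconds: {}
              f:periodSeconds: {}
              f:successThreshold: {}
              f:timeoutSeconds: {}
            f:resources:
              .: {}
              f:limits:
                .: {}
                f:memory: {}
              f:requests:
                .: {}
                f:cpu: {}
                f:memory: {}
            f:securityContext:
              .: {}
              f:allowPrivilegeEscalation: {}
              f:readOnlyRootFilesystem: {}
              f:runAsGroup: {}
              f:runAsUser: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
            f:volumeMounts:
              .: {}
              k:{"mountPath":"/kube-dns-config"}:
                .: {}
                f:mountPath: {}
                f:name: {}
          k:{"name":"prometheus-to-sd"}:
            .: {}
            f:command: {}
            f:env:
              .: {}
              k:{"name":"POD_NAME"}:
                .: {}
                f:name: {}
                f:valueFrom:
                  .: {}
                  f:fieldRef:
                    .: {}
                    f:apiVersion: {}
                    f:fieldPath: {}
              k:{"name":"POD_NAMESPACE"}:
                .: {}
                f:name: {}
                f:valueFrom:
                  .: {}
                  f:fieldRef:
                    .: {}
                    f:apiVersion: {}
                    f:fieldPath: {}
            f:image: image-name:tag-name
            f:imagePullPolicy: {}
            f:name: {}
            f:resources: {}
            f:securityContext:
              .: {}
              f:allowPrivilegeEscalation: {}
              f:readOnlyRootFilesystem: {}
              f:runAsGroup: {}
              f:runAsUser: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
          k:{"name":"sidecar"}:
            .: {}
            f:args: {}
            f:image: image-name:tag-name
            f:imagePullPolicy: {}
            f:livenessProbe:
              .: {}
              f:failureThreshold: {}
              f:httpGet:
                .: {}
                f:path: {}
                f:port: {}
                f:scheme: {}
              f:initialDelaySeconds: {}
              f:periodSeconds: {}
              f:successThreshold: {}
              f:timeoutSeconds: {}
            f:name: {}
            f:ports:
              .: {}
              k:{"containerPort":10054,"protocol":"TCP"}:
                .: {}
                f:containerPort: {}
                f:name: {}
                f:protocol: {}
            f:resources:
              .: {}
              f:requests:
                .: {}
                f:cpu: {}
                f:memory: {}
            f:securityContext:
              .: {}
              f:allowPrivilegeEscalation: {}
              f:readOnlyRootFilesystem: {}
              f:runAsGroup: {}
              f:runAsUser: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
        f:dnsPolicy: {}
        f:enableServiceLinks: {}
        f:nodeSelector:
          .: {}
          f:kubernetes.io/os: {}
        f:priorityClassName: {}
        f:restartPolicy: {}
        f:schedulerName: {}
        f:securityContext:
          .: {}
          f:fsGroup: {}
          f:supplementalGroups: {}
        f:serviceAccount: {}
        f:serviceAccountName: {}
        f:terminationGracePeriodSeconds: {}
        f:tolerations: {}
        f:volumes:
          .: {}
          k:{"name":"kube-dns-config"}:
            .: {}
            f:configMap:
              .: {}
              f:defaultMode: {}
              f:name: {}
              f:optional: {}
            f:name: {}
    manager: kube-controller-manager
    operation: Update
    time: "2021-08-20T14:35:04Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
          .: {}
          k:{"type":"PodScheduled"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:message: {}
            f:reason: {}
            f:status: {}
            f:type: {}
    manager: kube-scheduler
    operation: Update
    time: "2021-08-20T14:35:04Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
          k:{"type":"ContainersReady"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Initialized"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Ready"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
        f:containerStatuses: {}
        f:hostIP: {}
        f:phase: {}
        f:podIP: {}
        f:podIPs:
          .: {}
          # "10..10.10" is not a valid IPv4 address; it looks like a redacted placeholder.
          k:{"ip":"10..10.10"}:
            .: {}
            f:ip: {}
        f:startTime: {}
    manager: kubelet
    operation: Update
    time: "2021-08-20T14:36:10Z"
  name: kube-dns-76dbc85bd5-zl5tr
  namespace: kube-system
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: kube-dns-76dbc85bd5
    uid: 901a2f14-52d5-468b-af25-6587b60f2887
  resourceVersion: "1391"
  uid: e98f0f22-0937-4495-8211-d5633e50fb8d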
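# Pod spec under test. No hostNetwork, hostPID, hostIPC, hostPort, hostPath volume
# or privileged container is set anywhere below; every container sets
# allowPrivilegeEscalation: false and drops ALL capabilities before adding one back.
spec:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: k8s-app
              operator: In
              values:
              - kube-dns
          topologyKey: kubernetes.io/hostname
        weight: 100
  containers:
  - args:
    - --domain=cluster.local.
    - --dns-port=10053
    - --config-dir=/kube-dns-config
    - --v=2
    env:
    - name: PROMETHEUS_PORT
      value: "10055"
    image: image-name:tag-name
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 5
      httpGet:
        path: /healthcheck/kubedns
        port: 10054
        scheme: HTTP
      initialDelaySeconds: 60
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: kubedns
    ports:
    - containerPort: 10053
      name: dns-local
      protocol: UDP
    - containerPort: 10053
      name: dns-tcp-local
      protocol: TCP
    - containerPort: 10055
      name: metrics
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /readiness
        port: 8081
        scheme: HTTP
      initialDelaySeconds: 3
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    resources:
      limits:
        memory: 210Mi
      requests:
        cpu: 100m
        memory: 70Mi
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      # Only the group is pinned. No runAsUser or runAsNonRoot is set on this
      # container or at pod level, so the UID is whatever the image defines.
      runAsGroup: 1001
      capabilities:
        # NOTE(review): this container declares only ports 10053 and 10055, which
        # are above the range NET_BIND_SERVICE exists for. The add is presumably
        # kept for the fixture; confirm before copying it into a real workload.
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /kube-dns-config
      name: kube-dns-config
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-s8rz5
      readOnly: true
  - args:
    - -v=2
    - -logtostderr
    - -configDir=/etc/k8s/dns/dnsmasq-nanny
    - -restartDnsmasq=true
    - --
    - -k
    - --cache-size=1000
    - --no-negcache
    - --dns-forward-max=1500
    - --log-facility=-
    - --server=/cluster.local/127.0.0.1#10053
    - --server=/in-addr.arpa/127.0.0.1#10053
    - --server=/ip6.arpa/127.0.0.1#10053
    image: image-name:tag-name
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 5
      httpGet:
        path: /healthcheck/dnsmasq
        port: 10054
        scheme: HTTP
      initialDelaySeconds: 60
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: dnsmasq
    ports:
    - containerPort: 53
      name: dns
      protocol: UDP
    - containerPort: 53
      name: dns-tcp
      protocol: TCP
    resources:
      requests:
        cpu: 150m
        memory: 20Mi
    # The only container in this pod with runAsNonRoot: true, and the only one that
    # declares a port below 1024 (53). It does not set readOnlyRootFilesystem.
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      capabilities:
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /etc/k8s/dns/dnsmasq-nanny
      name: kube-dns-config
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-s8rz5
      readOnly: true
  - args:
    - --v=2
    - --logtostderr
    - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,SRV
    - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,SRV
    image: image-name:tag-name
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 5
      httpGet:
        path: /metrics
        port: 10054
        scheme: HTTP
      initialDelaySeconds: 60
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: sidecar
    ports:
    - containerPort: 10054
      name: metrics
      protocol: TCP
    resources:
      requests:
        cpu: 10m
        memory: 20Mi
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsGroup: 1001
      capabilities:
        # NOTE(review): the only declared port is 10054; see whether the
        # NET_BIND_SERVICE add is needed outside the fixture.
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-s8rz5
      readOnly: true
  - command:
    - /monitor
    - --stackdriver-prefix=container.googleapis.com/internal/addons
    - --api-override=https://test-monitoring.sandbox.googleapis.com/
    - --pod-id=$(POD_NAME)
    - --namespace-id=$(POD_NAMESPACE)
    - --v=2
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    image: image-name:tag-name
    imagePullPolicy: IfNotPresent
    name: prometheus-to-sd
    # No requests or limits are set for this container.
    resources: {}
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsGroup: 1001
      capabilities:
        # NOTE(review): this container declares no ports at all; see whether the
        # NET_BIND_SERVICE add is needed outside the fixture.
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-s8rz5
      readOnly: true
  dnsPolicy: Default
  enableServiceLinks: true
  nodeName: mynode
  nodeSelector:
    kubernetes.io/os: linux
  preemptionPolicy: PreemptLowerPriority
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  # Pod-level context: sets the seccomp profile and group IDs only; it does not
  # set runAsUser or runAsNonRoot.
  securityContext:
    fsGroup: 65534
    seccompProfile:
      type: RuntimeDefault
    supplementalGroups:
    - 65534
  serviceAccount: kube-dns
  serviceAccountName: kube-dns
  terminationGracePeriodSeconds: 30
  tolerations:
  - key: CriticalAddonsOnly
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - configMap:
      # 420 decimal is 0644 octal.
      defaultMode: 420
      name: kube-dns
      optional: true
    name: kube-dns-config
  # Projected service-account credentials: a token with a bounded lifetime
  # (expirationSeconds), the cluster CA bundle and the namespace. All four
  # containers mount this volume read-only.
  - name: kube-api-access-s8rz5
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace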
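# Runtime state captured with the object. The image names and the pod IP look like
# sanitised placeholders; the container IDs and image digests are kept as captured.
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-08-20T14:35:31Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-08-20T14:36:10Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-08-20T14:36:10Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-08-20T14:35:31Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: containerd://f21ec303caca266fa4b81ebe6c210b5aa2b8ea6a262d8038db2c4f57db127187
    image: image-name:tag-name
    imageID: imageid@sha256:8e2a7eaa7e6b1ede58d6361d0058a391260a46f0290b7f0368b709494e9e36bf
    lastState: {}
    name: dnsmasq
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-08-20T14:36:03Z"
  - containerID: containerd://bf3db3f330364ba2af3763a3c0b0bcd137f0556a73fffd0e0dbda61035b696a9
    image: image-name:tag-name
    imageID: imageid@sha256:50a1d17afe48a4ae15c9321d8c16d8f1302358c92971884722514c4ed7315ca3
    lastState: {}
    name: kubedns
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-08-20T14:35:52Z"
  - containerID: containerd://733304e5217f2c9827736e1226188b11488fd476d0b9f647bd098fe9db89460e
    image: image-name:tag-name
    imageID: imageid@sha256:aca8ef8aa7fae83e1f8583ed78dd4d11f655b9f22a0a76bda5edce6d8965bdf2
    lastState: {}
    name: prometheus-to-sd
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-08-20T14:36:09Z"
  - containerID: containerd://4639ada29f769008d3b21eef48cd061534dfd7875b42d5103179d4f0258667e9
    image: image-name:tag-name
    imageID: imageid@sha256:3bb5033aefb3e3dee259ab3d357d38d16eacf9cf2e1542ad577e3796410033ca
    lastState: {}
    name: sidecar
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-08-20T14:36:06Z"
  hostIP: 10.128.0.48
  phase: Running
  # NOTE(review): "10..10.10" is not a valid IPv4 address (empty second octet). It is
  # kept as written; anything that parses status.podIP strictly would reject it.
  podIP: 10..10.10
  podIPs:
  - ip: 10..10.10
  qosClass: Burstable
  startTime: "2021-08-20T14:35:31Z"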