---
# Benchmark fixture: this Pod must keep passing the latest "restricted"
# policy; update it whenever that policy tightens.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    # Legacy alpha annotation; the pod's priority is carried by
    # spec.priorityClassName.
    scheduler.alpha.kubernetes.io/critical-pod: ""
    # Legacy alpha seccomp annotation; the same runtime-default profile is
    # also set through spec.securityContext.seccompProfile.
    seccomp.security.alpha.kubernetes.io/pod: runtime/default
  creationTimestamp: "2021-08-20T14:35:04Z"
  generateName: kube-dns-76dbc85bd5-
  labels:
    k8s-app: kube-dns
    pod-template-hash: 76dbc85bd5
  # Field-ownership records kept by the API server: one entry per manager,
  # listing the fields (f:) and keyed list items (k:) that manager last set.
  # They describe who wrote what; they do not change how the pod runs.
  managedFields:
    # Entry 1: metadata and spec fields set by kube-controller-manager.
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:scheduler.alpha.kubernetes.io/critical-pod: {}
            f:seccomp.security.alpha.kubernetes.io/pod: {}
          f:generateName: {}
          f:labels:
            .: {}
            f:k8s-app: {}
            f:pod-template-hash: {}
          f:ownerReferences:
            .: {}
            k:{"uid":"901a2f14-52d5-468b-af25-6587b60f2887"}:
              .: {}
              f:apiVersion: {}
              f:blockOwnerDeletion: {}
              f:controller: {}
              f:kind: {}
              f:name: {}
              f:uid: {}
        f:spec:
          f:affinity:
            .: {}
            f:podAntiAffinity:
              .: {}
              f:preferredDuringSchedulingIgnoredDuringExecution: {}
          f:containers:
            k:{"name":"dnsmasq"}:
              .: {}
              f:args: {}
              # NOTE(review): every other leaf in this tree is `{}`; this
              # string (repeated for each container below) looks like a side
              # effect of scrubbing image names - confirm that consumers of
              # the fixture tolerate it.
              f:image: image-name:tag-name
              f:imagePullPolicy: {}
              f:livenessProbe:
                .: {}
                f:failureThreshold: {}
                f:httpGet:
                  .: {}
                  f:path: {}
                  f:port: {}
                  f:scheme: {}
                f:initialDelaySeconds: {}
                f:periodSeconds: {}
                f:successThreshold: {}
                f:timeoutSeconds: {}
              f:name: {}
              f:ports:
                .: {}
                k:{"containerPort":53,"protocol":"TCP"}:
                  .: {}
                  f:containerPort: {}
                  f:name: {}
                  f:protocol: {}
                k:{"containerPort":53,"protocol":"UDP"}:
                  .: {}
                  f:containerPort: {}
                  f:name: {}
                  f:protocol: {}
              f:resources:
                .: {}
                f:requests:
                  .: {}
                  f:cpu: {}
                  f:memory: {}
              f:securityContext:
                .: {}
                f:capabilities:
                  .: {}
                  f:add: {}
                  f:drop: {}
              f:terminationMessagePath: {}
              f:terminationMessagePolicy: {}
              f:volumeMounts:
                .: {}
                k:{"mountPath":"/etc/k8s/dns/dnsmasq-nanny"}:
                  .: {}
                  f:mountPath: {}
                  f:name: {}
            k:{"name":"kubedns"}:
              .: {}
              f:args: {}
              f:env:
                .: {}
                k:{"name":"PROMETHEUS_PORT"}:
                  .: {}
                  f:name: {}
                  f:value: {}
              f:image: image-name:tag-name
              f:imagePullPolicy: {}
              f:livenessProbe:
                .: {}
                f:failureThreshold: {}
                f:httpGet:
                  .: {}
                  f:path: {}
                  f:port: {}
                  f:scheme: {}
                f:initialDelaySeconds: {}
                f:periodSeconds: {}
                f:successThreshold: {}
                f:timeoutSeconds: {}
              f:name: {}
              f:ports:
                .: {}
                k:{"containerPort":10053,"protocol":"TCP"}:
                  .: {}
                  f:containerPort: {}
                  f:name: {}
                  f:protocol: {}
                k:{"containerPort":10053,"protocol":"UDP"}:
                  .: {}
                  f:containerPort: {}
                  f:name: {}
                  f:protocol: {}
                k:{"containerPort":10055,"protocol":"TCP"}:
                  .: {}
                  f:containerPort: {}
                  f:name: {}
                  f:protocol: {}
              f:readinessProbe:
                .: {}
                f:failureThreshold: {}
                f:httpGet:
                  .: {}
                  f:path: {}
                  f:port: {}
                  f:scheme: {}
                f:initialDelaySeconds: {}
                f:periodSeconds: {}
                f:successThreshold: {}
                f:timeoutSeconds: {}
              f:resources:
                .: {}
                f:limits:
                  .: {}
                  f:memory: {}
                f:requests:
                  .: {}
                  f:cpu: {}
                  f:memory: {}
              f:securityContext:
                .: {}
                f:allowPrivilegeEscalation: {}
                f:readOnlyRootFilesystem: {}
                f:runAsGroup: {}
                f:runAsUser: {}
              f:terminationMessagePath: {}
              f:terminationMessagePolicy: {}
              f:volumeMounts:
                .: {}
                k:{"mountPath":"/kube-dns-config"}:
                  .: {}
                  f:mountPath: {}
                  f:name: {}
            k:{"name":"prometheus-to-sd"}:
              .: {}
              f:command: {}
              f:env:
                .: {}
                k:{"name":"POD_NAME"}:
                  .: {}
                  f:name: {}
                  f:valueFrom:
                    .: {}
                    f:fieldRef:
                      .: {}
                      f:apiVersion: {}
                      f:fieldPath: {}
                k:{"name":"POD_NAMESPACE"}:
                  .: {}
                  f:name: {}
                  f:valueFrom:
                    .: {}
                    f:fieldRef:
                      .: {}
                      f:apiVersion: {}
                      f:fieldPath: {}
              f:image: image-name:tag-name
              f:imagePullPolicy: {}
              f:name: {}
              f:resources: {}
              f:securityContext:
                .: {}
                f:allowPrivilegeEscalation: {}
                f:readOnlyRootFilesystem: {}
                f:runAsGroup: {}
                f:runAsUser: {}
              f:terminationMessagePath: {}
              f:terminationMessagePolicy: {}
            k:{"name":"sidecar"}:
              .: {}
              f:args: {}
              f:image: image-name:tag-name
              f:imagePullPolicy: {}
              f:livenessProbe:
                .: {}
                f:failureThreshold: {}
                f:httpGet:
                  .: {}
                  f:path: {}
                  f:port: {}
                  f:scheme: {}
                f:initialDelaySeconds: {}
                f:periodSeconds: {}
                f:successThreshold: {}
                f:timeoutSeconds: {}
              f:name: {}
              f:ports:
                .: {}
                k:{"containerPort":10054,"protocol":"TCP"}:
                  .: {}
                  f:containerPort: {}
                  f:name: {}
                  f:protocol: {}
              f:resources:
                .: {}
                f:requests:
                  .: {}
                  f:cpu: {}
                  f:memory: {}
              f:securityContext:
                .: {}
                f:allowPrivilegeEscalation: {}
                f:readOnlyRootFilesystem: {}
                f:runAsGroup: {}
                f:runAsUser: {}
              f:terminationMessagePath: {}
              f:terminationMessagePolicy: {}
          f:dnsPolicy: {}
          f:enableServiceLinks: {}
          f:nodeSelector:
            .: {}
            f:kubernetes.io/os: {}
          f:priorityClassName: {}
          f:restartPolicy: {}
          f:schedulerName: {}
          f:securityContext:
            .: {}
            f:fsGroup: {}
            f:supplementalGroups: {}
          f:serviceAccount: {}
          f:serviceAccountName: {}
          f:terminationGracePeriodSeconds: {}
          f:tolerations: {}
          f:volumes:
            .: {}
            k:{"name":"kube-dns-config"}:
              .: {}
              f:configMap:
                .: {}
                f:defaultMode: {}
                f:name: {}
                f:optional: {}
              f:name: {}
      manager: kube-controller-manager
      operation: Update
      time: "2021-08-20T14:35:04Z"
    # Entry 2: the PodScheduled condition set by kube-scheduler.
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:status:
          f:conditions:
            .: {}
            k:{"type":"PodScheduled"}:
              .: {}
              f:lastProbeTime: {}
              f:lastTransitionTime: {}
              f:message: {}
              f:reason: {}
              f:status: {}
              f:type: {}
      manager: kube-scheduler
      operation: Update
      time: "2021-08-20T14:35:04Z"
    # Entry 3: the remaining status fields set by the kubelet.
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:status:
          f:conditions:
            k:{"type":"ContainersReady"}:
              .: {}
              f:lastProbeTime: {}
              f:lastTransitionTime: {}
              f:status: {}
              f:type: {}
            k:{"type":"Initialized"}:
              .: {}
              f:lastProbeTime: {}
              f:lastTransitionTime: {}
              f:status: {}
              f:type: {}
            k:{"type":"Ready"}:
              .: {}
              f:lastProbeTime: {}
              f:lastTransitionTime: {}
              f:status: {}
              f:type: {}
          f:containerStatuses: {}
          f:hostIP: {}
          f:phase: {}
          f:podIP: {}
          f:podIPs:
            .: {}
            # The key repeats the status.podIPs value, which is not a
            # well-formed IPv4 address (presumably scrubbed).
            k:{"ip":"10..10.10"}:
              .: {}
              f:ip: {}
          f:startTime: {}
      manager: kubelet
      operation: Update
      time: "2021-08-20T14:36:10Z"
  name: kube-dns-76dbc85bd5-zl5tr
  namespace: kube-system
  # The pod is owned and controlled by a ReplicaSet.
  ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: kube-dns-76dbc85bd5
      uid: 901a2f14-52d5-468b-af25-6587b60f2887
  resourceVersion: "1391"
  uid: e98f0f22-0937-4495-8211-d5633e50fb8d
spec:
  affinity:
    podAntiAffinity:
      # Soft (preferred) rule: try not to co-locate two kube-dns pods on the
      # same node.
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: k8s-app
                  operator: In
                  values:
                    - kube-dns
            topologyKey: kubernetes.io/hostname
          weight: 100
  # Every container below sets the container-level fields the restricted
  # policy checks: allowPrivilegeEscalation: false, runAsNonRoot: true and
  # capabilities.drop containing ALL. NET_BIND_SERVICE is the only capability
  # that policy lets a container add back.
  containers:
    # Container "kubedns".
    - args:
        - --domain=cluster.local.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
      env:
        - name: PROMETHEUS_PORT
          value: "10055"
      # Placeholder reference by tag; status.containerStatuses[].imageID
      # holds the digest that was actually pulled.
      image: image-name:tag-name
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 5
        httpGet:
          path: /healthcheck/kubedns
          # 10054 is the port declared by the "sidecar" container.
          port: 10054
          scheme: HTTP
        initialDelaySeconds: 60
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      name: kubedns
      ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /readiness
          # 8081 does not appear in any container's ports list in this pod.
          port: 8081
          scheme: HTTP
        initialDelaySeconds: 3
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      resources:
        limits:
          memory: 210Mi
        requests:
          cpu: 100m
          memory: 70Mi
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        runAsGroup: 1001
        runAsUser: 1001
        runAsNonRoot: true
        capabilities:
          # All ports declared by this container are above 1024, so a
          # production manifest would not need this add; the policy still
          # allows it.
          add:
            - NET_BIND_SERVICE
          drop:
            - ALL
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /kube-dns-config
          name: kube-dns-config
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-s8rz5
          readOnly: true
    # Container "dnsmasq".
    - args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        # Separator; the options that follow are dnsmasq-style flags
        # (presumably handed on to dnsmasq itself).
        - '--'
        - -k
        - --cache-size=1000
        - --no-negcache
        - --dns-forward-max=1500
        - --log-facility=-
        # Quoted so the '#' can never be read as the start of a comment.
        # These forward cluster and reverse-lookup zones to 127.0.0.1 port
        # 10053, the port kubedns is started with (--dns-port=10053).
        - '--server=/cluster.local/127.0.0.1#10053'
        - '--server=/in-addr.arpa/127.0.0.1#10053'
        - '--server=/ip6.arpa/127.0.0.1#10053'
      image: image-name:tag-name
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 5
        httpGet:
          path: /healthcheck/dnsmasq
          # Same sidecar port as the kubedns liveness probe.
          port: 10054
          scheme: HTTP
        initialDelaySeconds: 60
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      name: dnsmasq
      ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
      resources:
        requests:
          cpu: 150m
          memory: 20Mi
      securityContext:
        # Unlike the other three containers, this one sets no runAsUser,
        # runAsGroup or readOnlyRootFilesystem. With runAsNonRoot: true and
        # no runAsUser, the image itself has to declare a numeric non-root
        # user or the kubelet will refuse to start the container.
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        capabilities:
          # This is the one container that declares a port below 1024
          # (53), which is what NET_BIND_SERVICE is for when not running
          # as root.
          add:
            - NET_BIND_SERVICE
          drop:
            - ALL
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /etc/k8s/dns/dnsmasq-nanny
          name: kube-dns-config
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-s8rz5
          readOnly: true
    # Container "sidecar".
    - args:
        - --v=2
        - --logtostderr
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,SRV
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,SRV
      image: image-name:tag-name
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 5
        httpGet:
          path: /metrics
          port: 10054
          scheme: HTTP
        initialDelaySeconds: 60
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      name: sidecar
      ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
      resources:
        requests:
          cpu: 10m
          memory: 20Mi
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        runAsGroup: 1001
        runAsUser: 1001
        runAsNonRoot: true
        capabilities:
          add:
            - NET_BIND_SERVICE
          drop:
            - ALL
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-s8rz5
          readOnly: true
    # Container "prometheus-to-sd".
    - command:
        - /monitor
        - --stackdriver-prefix=container.googleapis.com/internal/addons
        - --api-override=https://test-monitoring.sandbox.googleapis.com/
        # $(POD_NAME) and $(POD_NAMESPACE) are filled from the env entries
        # below, which read the pod's own metadata.
        - --pod-id=$(POD_NAME)
        - --namespace-id=$(POD_NAMESPACE)
        - --v=2
      env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
      image: image-name:tag-name
      imagePullPolicy: IfNotPresent
      name: prometheus-to-sd
      # No requests or limits are set for this container.
      resources: {}
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        runAsGroup: 1001
        runAsUser: 1001
        runAsNonRoot: true
        capabilities:
          # This container declares no ports at all; the add is permitted by
          # the policy but would not be needed in a production manifest.
          add:
            - NET_BIND_SERVICE
          drop:
            - ALL
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-s8rz5
          readOnly: true
  # "Default" makes the pod use the node's resolver configuration rather
  # than the cluster DNS service.
  dnsPolicy: Default
  enableServiceLinks: true
  nodeName: mynode
  nodeSelector:
    kubernetes.io/os: linux
  preemptionPolicy: PreemptLowerPriority
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 65534
    # Pod-level seccomp profile, inherited by every container that does not
    # set its own; the restricted policy accepts RuntimeDefault or Localhost.
    seccompProfile:
      type: RuntimeDefault
    supplementalGroups:
      - 65534
  # serviceAccount is the deprecated alias of serviceAccountName; both carry
  # the same value.
  serviceAccount: kube-dns
  serviceAccountName: kube-dns
  terminationGracePeriodSeconds: 30
  tolerations:
    - key: CriticalAddonsOnly
      operator: Exists
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
  # Only configMap and projected volumes are used; there is no hostPath.
  volumes:
    - configMap:
        # Decimal 420 is octal 0644.
        defaultMode: 420
        name: kube-dns
        optional: true
      name: kube-dns-config
    - name: kube-api-access-s8rz5
      projected:
        defaultMode: 420
        sources:
          # Time-limited service-account token, mounted read-only into each
          # container.
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
                - key: ca.crt
                  path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
# Observed state captured with the pod; the security settings that the
# restricted policy evaluates are in metadata and spec, not here.
status:
  conditions:
    - lastProbeTime: null
      lastTransitionTime: "2021-08-20T14:35:31Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2021-08-20T14:36:10Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2021-08-20T14:36:10Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2021-08-20T14:35:31Z"
      status: "True"
      type: PodScheduled
  # One entry per container. imageID is the digest-qualified reference the
  # runtime reported, whereas image repeats the tag-only placeholder from
  # the spec.
  containerStatuses:
    - containerID: containerd://f21ec303caca266fa4b81ebe6c210b5aa2b8ea6a262d8038db2c4f57db127187
      image: image-name:tag-name
      imageID: imageid@sha256:8e2a7eaa7e6b1ede58d6361d0058a391260a46f0290b7f0368b709494e9e36bf
      lastState: {}
      name: dnsmasq
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2021-08-20T14:36:03Z"
    - containerID: containerd://bf3db3f330364ba2af3763a3c0b0bcd137f0556a73fffd0e0dbda61035b696a9
      image: image-name:tag-name
      imageID: imageid@sha256:50a1d17afe48a4ae15c9321d8c16d8f1302358c92971884722514c4ed7315ca3
      lastState: {}
      name: kubedns
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2021-08-20T14:35:52Z"
    - containerID: containerd://733304e5217f2c9827736e1226188b11488fd476d0b9f647bd098fe9db89460e
      image: image-name:tag-name
      imageID: imageid@sha256:aca8ef8aa7fae83e1f8583ed78dd4d11f655b9f22a0a76bda5edce6d8965bdf2
      lastState: {}
      name: prometheus-to-sd
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2021-08-20T14:36:09Z"
    - containerID: containerd://4639ada29f769008d3b21eef48cd061534dfd7875b42d5103179d4f0258667e9
      image: image-name:tag-name
      imageID: imageid@sha256:3bb5033aefb3e3dee259ab3d357d38d16eacf9cf2e1542ad577e3796410033ca
      lastState: {}
      name: sidecar
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2021-08-20T14:36:06Z"
  hostIP: 10.128.0.48
  phase: Running
  # NOTE(review): "10..10.10" is not a well-formed IPv4 address (an octet is
  # missing) - presumably a scrubbed value. Anything that parses podIP or
  # podIPs as an address would reject it; confirm the fixture's consumers
  # do not.
  podIP: 10..10.10
  podIPs:
    - ip: 10..10.10
  # Burstable: some containers set requests, but not every container has
  # limits equal to its requests.
  qosClass: Burstable
  startTime: "2021-08-20T14:35:31Z"