bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
titan-iac/services/maintenance/metis-sentinel-daemonset.yaml

134 lines
4.1 KiB
YAML
Raw Blame History

# services/maintenance/metis-sentinel-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: metis-sentinel
namespace: maintenance
spec:
selector:
matchLabels:
app: metis-sentinel
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: metis-sentinel
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/metrics"
spec:
serviceAccountName: metis
nodeSelector:
kubernetes.io/os: linux
node-role.kubernetes.io/worker: "true"
containers:
- name: metis-sentinel
image: registry.bstein.dev/bstein/metis-sentinel:latest
imagePullPolicy: Always
command:
- /bin/sh
- -c
args:
- |
set -eu
out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}"
interval="${METIS_SENTINEL_INTERVAL_SEC:-120}"
mkdir -p "${out_dir}"
while true; do
ts="$(date -u +%Y%m%dT%H%M%SZ)"
node="${METIS_SENTINEL_NODE:-unknown}"
tmp="${out_dir}/${node}-${ts}.json.tmp"
out="${out_dir}/${node}-${ts}.json"
if metis-sentinel > "${tmp}"; then
mv "${tmp}" "${out}"
else
rm -f "${tmp}" || true
fi
sleep "${interval}"
done
envFrom:
- configMapRef:
name: metis
env:
- name: METIS_SENTINEL_NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: sentinel-output
mountPath: /var/run/metis-sentinel
resources:
requests:
cpu: 25m
memory: 64Mi
limits:
cpu: 250m
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
capabilities:
drop: ["ALL"]
- name: sentinel-pusher
image: curlimages/curl:8.12.1
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
args:
- |
set -eu
out_dir="${METIS_SENTINEL_OUT:-/var/run/metis-sentinel}"
push_url="${METIS_SENTINEL_PUSH_URL:-}"
interval="${METIS_SENTINEL_PUSH_INTERVAL_SEC:-120}"
timeout="${METIS_SENTINEL_PUSH_TIMEOUT_SEC:-10}"
mkdir -p "${out_dir}"
while true; do
for snapshot in "${out_dir}"/*.json; do
[ -f "${snapshot}" ] || continue
if [ -z "${push_url}" ]; then
break
fi
if curl -fsS --connect-timeout "${timeout}" --max-time "${timeout}" \
-X POST \
-H "Content-Type: application/json" \
-H "X-Metis-Node: ${METIS_SENTINEL_NODE:-unknown}" \
--data-binary "@${snapshot}" \
"${push_url}"; then
rm -f "${snapshot}"
fi
done
sleep "${interval}"
done
envFrom:
- configMapRef:
name: metis
env:
- name: METIS_SENTINEL_NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: sentinel-output
mountPath: /var/run/metis-sentinel
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
capabilities:
drop: ["ALL"]
volumes:
- name: sentinel-output
emptyDir: {}
Reference in New Issue View Git Blame Copy Permalink