This repository has been archived by the owner on Jun 30, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 15
/
example-daemonset.yaml
136 lines (122 loc) · 4.33 KB
/
example-daemonset.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# Example Kubernetes DaemonSet configuration for running the Traffic Server
# ingress controller. It will listed on hostPort 8080 for HTTP requests, and
# hostPor 8443 for TLS requests. It will only run on nodes with the label
# node-role.kubernetes.io/master: "true".
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
annotations:
labels:
app: trafficserver
name: trafficserver
namespace: trafficserver
spec:
minReadySeconds: 30
selector:
matchLabels:
app: trafficserver
# TS is safe to use with rolling updates, allowing it to be upgraded without
# any downtime as long as you run more than one copy.
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
app: trafficserver
spec:
# Ensure that we run only on master nodes. This uses the newer style
# "node-role.kubernetes.io/master" label; you may need to change this if
# your cluster has different annotations, or remove it entirely if you
# don't want TS running on master nodes.
nodeSelector:
node-role.kubernetes.io/master: "true"
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
# Create a volume for the TS cache. We use an emptyDir here. Each
# instance requires its own cache volume, so you cannot use a persistent
# volume (or hostPath, etc.) if deploying as a DaemonSet. Use a
# StatefulSet with a PV claim template if you want a fully persistent
# cache; but node that this emptyDir will only be emptied when the pod is
# deleted.
volumes:
- name: ts-storage
emptyDir: {}
# Depending on your cluster setup, you may need to use hostNetwork here if
# you want to use hostPort to expose TS. In particular, as of Kubernetes
# 1.6.1, clusters using a CNI plugin cannot use hostPort without
# hostNetwork. An alternative way to expose TS is to use a Service,
# with either NodePort or type: LoadBalancer.
hostNetwork: true
containers:
- name: trafficserver
image: docker.io/torchbox/k8s-ts-ingress:v1.0.0-alpha9
imagePullPolicy: IfNotPresent
# Load the configuration map.
env:
name: TS_CONFIGMAP
value: trafficserver/ts-config
# The memory limit must be large enough for both TS itself, and its RAM
# cache, which is set to 64MB by default.
resources:
limits:
cpu: "1"
memory: 196Mi
requests:
cpu: 100m
memory: 196Mi
# By default we listen on 8080 and 8443; you can use any port you like
# here, or remove the hostPort entirely and use a Service instead.
ports:
- containerPort: 8080
hostPort: 8080
name: http
protocol: TCP
- containerPort: 8443
hostPort: 8443
name: https
protocol: TCP
# Ensure TS's healthcheck fails before it stops serving requests, so it
# can be removed from any load balancer node list.
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- /bin/rm -f /run/ts-alive; sleep 20
# The probes use TS's healthchecks plugin, so this will only return
# successfully when TS is running. It does not currently check the
# health of the plugin, e.g. that it was able to contact the API server.
livenessProbe:
failureThreshold: 2
httpGet:
httpHeaders:
- name: Host
value: localhost
path: /__trafficserver_alive
port: http
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
failureThreshold: 2
httpGet:
httpHeaders:
- name: Host
value: localhost
path: /__trafficserver_alive
port: http
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 10
# Mount the cache storage we configured above.
volumeMounts:
- mountPath: /var/lib/trafficserver
name: ts-storage