mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity
node-feature-discovery/nfd-worker-job.yaml.template
Kubernetes Prow Robot a68a4ec4fb
Merge pull request #325 from marquiz/devel/hardening 
Container image hardening
2020-08-21 02:51:39 -07:00

75 lines
2.2 KiB
Text
Raw Blame History

apiVersion: batch/v1
kind: Job
metadata:
labels:
app: node-feature-discovery
name: nfd-worker
namespace: node-feature-discovery
spec:
completions: COMPLETION_COUNT
parallelism: PARALLELISM_COUNT
template:
metadata:
labels:
app: node-feature-discovery
spec:
dnsPolicy: ClusterFirstWithHostNet
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- node-feature-discovery
containers:
- env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: k8s.gcr.io/nfd/node-feature-discovery:v0.6.0
name: nfd-worker
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true
command:
- "nfd-worker"
args:
- "--oneshot"
- "--server=nfd-master:8080"
volumeMounts:
- name: host-boot
mountPath: "/host-boot"
readOnly: true
- name: host-os-release
mountPath: "/host-etc/os-release"
readOnly: true
- name: host-sys
mountPath: "/host-sys"
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
restartPolicy: Never
volumes:
- name: host-boot
hostPath:
path: "/boot"
- name: host-os-release
hostPath:
path: "/etc/os-release"
- name: host-sys
hostPath:
path: "/sys"
- name: source-d
hostPath:
path: "/etc/kubernetes/node-feature-discovery/source.d/"
- name: features-d
hostPath:
path: "/etc/kubernetes/node-feature-discovery/features.d/"
View git blame Copy permalink