--- apiVersion: apps/v1 kind: DaemonSet metadata: name: goldpinger labels: app: goldpinger spec: updateStrategy: type: RollingUpdate selector: matchLabels: app: goldpinger template: metadata: labels: app: goldpinger spec: securityContext: runAsNonRoot: true runAsUser: 1000 fsGroup: 2000 # if you'd like to use a secret to inject a kubeconfig, you can do it like this volumes: - name: kubeconfig secret: secretName: goldpinger-kubeconfig containers: - name: goldpinger env: - name: HOST value: "0.0.0.0" - name: PORT value: "8080" # kubeconfig needs to match the location of what's injected in the secret # if not specified goldpinger will default to using in-cluster config - name: KUBECONFIG value: "/.kube/config" # refresh interval (seconds) tells goldpinger to call every other instance with that frequency (set to 0 to disable) - name: REFRESH_INTERVAL value: "30" # injecting real hostname will make for easier to understand graphs/metrics - name: HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName # podIP is used to select randomized subset of nodes to ping. - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP image: "docker.io/bloomberg/goldpinger:v3.0.0" imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true resources: limits: memory: 80Mi requests: cpu: 1m memory: 40Mi ports: - containerPort: 8080 name: http readinessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 20 periodSeconds: 5 livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 20 periodSeconds: 5 volumeMounts: - mountPath: /.kube/ name: kubeconfig readOnly: true --- apiVersion: v1 kind: Service metadata: name: goldpinger labels: app: goldpinger spec: type: NodePort ports: - port: 8080 nodePort: 30080 name: http selector: app: goldpinger