-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathds-debug-tools.yaml
More file actions
140 lines (140 loc) · 3.53 KB
/
ds-debug-tools.yaml
File metadata and controls
140 lines (140 loc) · 3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
apiVersion: v1
kind: ConfigMap
metadata:
name: ssh-dir
namespace: kube-system
data:
authorized_keys: |
ssh-rsa AAAAB3NzaC1....
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: sshd
name: sshd
namespace: kube-system
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app: sshd
template:
metadata:
labels:
app: sshd
spec:
containers:
- image: ghcr.io/aarnaud/talos-debug-tools:latest-6.6.29
imagePullPolicy: IfNotPresent
name: debug-container
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- SYS_ADMIN
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /run/containerd
name: run-containerd
- mountPath: /var/log/pods
name: var-log-pods
- mountPath: /root/.ssh/authorized_keys
name: ssh-dir
subPath: authorized_keys
- mountPath: /var/lib/kubelet
mountPropagation: Bidirectional
name: kubelet-dir
- mountPath: /lib/modules
name: modules-dir
readOnly: true
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /run/udev
name: udev-data
- mountPath: /host
mountPropagation: Bidirectional
name: host-dir
- mountPath: /sys
name: sys-dir
- mountPath: /dev
name: dev-dir
- mountPath: /sys/firmware/efi/efivars
name: efivars
dnsPolicy: ClusterFirstWithHostNet
hostIPC: true
hostPID: true
hostNetwork: true
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
terminationGracePeriodSeconds: 30
volumes:
- hostPath:
path: /
type: ""
name: hostfs
- hostPath:
path: /run/containerd
type: ""
name: run-containerd
- hostPath:
path: /var/lib/kubelet/plugins
type: Directory
name: plugins-dir
- hostPath:
path: /var/lib/kubelet/plugins_registry
type: Directory
name: registration-dir
- hostPath:
path: /var/lib/kubelet
type: Directory
name: kubelet-dir
- hostPath:
path: /dev
type: Directory
name: dev-dir
- hostPath:
path: /lib/modules
type: ""
name: modules-dir
- hostPath:
path: /etc/localtime
type: ""
name: localtime
- hostPath:
path: /run/udev
type: ""
name: udev-data
- hostPath:
path: /sys
type: Directory
name: sys-dir
- hostPath:
path: /
type: Directory
name: host-dir
- hostPath:
path: /var/log/pods
type: ""
name: var-log-pods
- hostPath:
path: /sys/firmware/efi/efivars
type: ""
name: efivars
- configMap:
defaultMode: 448
name: ssh-dir
name: ssh-dir
updateStrategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate