github.com/m3db/m3@v1.5.1-0.20231129193456-75a402aa583b/kube/sysctl-daemonset.yaml (about) 1 # This manifest provides a daemonset that will ensure the host's sysctls are set 2 # to M3DB's recommended values. 3 # 4 # WARNING: This will run a PRIVILEGED ROOT container on your HOST that will 5 # modify host sysctl values. This is designed for managed Kubernetes platforms 6 # that may have restrictions like read-only root FS, inability to set startup 7 # scripts, etc. In very rare circumstances should you use this, and should 8 # instead opt to use your usual host provisioning tooling to set these values. 9 # 10 # This daemonset pins to a specific SHA digest in the event that the M3DB Quay 11 # repo is ever compromised. The manifest of this image can be verified here: 12 # https://quay.io/repository/m3/sysctl-setter/manifest/sha256:e003ee817fa573c38507667ca2e22634a1cb039fdb849f8ac0da98cc254a674e 13 14 apiVersion: apps/v1 15 kind: DaemonSet 16 metadata: 17 name: sysctl-setter-ds 18 namespace: default 19 labels: 20 app: sysctl-setter 21 spec: 22 updateStrategy: 23 type: RollingUpdate 24 selector: 25 matchLabels: 26 app: sysctl-setter 27 template: 28 metadata: 29 labels: 30 app: sysctl-setter 31 spec: 32 terminationGracePeriodSeconds: 5 33 containers: 34 - image: quay.io/m3/sysctl-setter@sha256:e003ee817fa573c38507667ca2e22634a1cb039fdb849f8ac0da98cc254a674e 35 imagePullPolicy: Always 36 name: sysctl-setter 37 securityContext: 38 privileged: true