github.com/m3db/m3@v1.5.1-0.20231129193456-75a402aa583b/kube/sysctl-daemonset.yaml (about)

     1  # This manifest provides a daemonset that will ensure the host's sysctls are set
     2  # to M3DB's recommended values.
     3  #
     4  # WARNING: This will run a PRIVILEGED ROOT container on your HOST that will
     5  # modify host sysctl values. This is designed for managed Kubernetes platforms
     6  # that may have restrictions like read-only root FS, inability to set startup
     7  # scripts, etc. In very rare circumstances should you use this, and should
     8  # instead opt to use your usual host provisioning tooling to set these values.
     9  #
    10  # This daemonset pins to a specific SHA digest in the event that the M3DB Quay
    11  # repo is ever compromised. The manifest of this image can be verified here:
    12  # https://quay.io/repository/m3/sysctl-setter/manifest/sha256:e003ee817fa573c38507667ca2e22634a1cb039fdb849f8ac0da98cc254a674e
    13  
    14  apiVersion: apps/v1
    15  kind: DaemonSet
    16  metadata:
    17    name: sysctl-setter-ds
    18    namespace: default
    19    labels:
    20      app: sysctl-setter
    21  spec:
    22    updateStrategy:
    23      type: RollingUpdate
    24    selector:
    25      matchLabels:
    26        app: sysctl-setter
    27    template:
    28      metadata:
    29        labels:
    30          app: sysctl-setter
    31      spec:
    32        terminationGracePeriodSeconds: 5
    33        containers:
    34        - image: quay.io/m3/sysctl-setter@sha256:e003ee817fa573c38507667ca2e22634a1cb039fdb849f8ac0da98cc254a674e
    35          imagePullPolicy: Always
    36          name: sysctl-setter
    37          securityContext:
    38            privileged: true