github.com/percona/percona-xtradb-cluster-operator@v1.14.0/e2e-tests/security-context/compare/pod_restore-src-restore-pvc-sec-context.yml (about)

     # Pod manifest for the restore donor pod "restore-src-restore-pvc-sec-context".
     # The page path places it under e2e-tests/security-context/compare/, so it is
     # presumably an expected-output fixture matched against the live object;
     # TODO confirm against the test harness before changing key order or values.
     # NOTE(review): this pod is privileged (see securityContext below). Treat it as
     # the state the test expects, not as a hardening baseline to copy.
     1  apiVersion: v1
     2  kind: Pod
     3  metadata:
     4    annotations:
          # On OpenShift this annotation records the SecurityContextConstraints that
          # admitted the pod; "privileged" is the least restrictive built-in SCC.
     5      openshift.io/scc: privileged
     6    labels:
     7      name: restore-src-restore-pvc-sec-context
     8    name: restore-src-restore-pvc-sec-context
          # Owned and controlled by the PerconaXtraDBClusterRestore object "restore-pvc".
     9    ownerReferences:
    10      - controller: true
    11        kind: PerconaXtraDBClusterRestore
    12        name: restore-pvc
    13  spec:
    14    containers:
            # Single container "ncat" running recovery-pvc-donor.sh. No image field
            # appears here; presumably it is stripped before comparison. Verify.
    15      - command:
    16          - recovery-pvc-donor.sh
    17        imagePullPolicy: Always
    18        name: ncat
              # Empty resources: no CPU/memory requests or limits are set.
    19        resources: {}
    20        securityContext:
                # Privileged mode removes most container isolation from the node
                # (all capabilities, host device access). Nothing else is set here:
                # no runAsNonRoot, capability drop or readOnlyRootFilesystem.
                # NOTE(review): presumably injected from the test's custom resource
                # to prove the operator propagates the setting. Confirm.
    21          privileged: true
    22        terminationMessagePath: /dev/termination-log
    23        terminationMessagePolicy: File
    24        volumeMounts:
                # Backup PVC, mounted without readOnly.
    25          - mountPath: /backup
    26            name: backup
                # TLS material and the Vault keyring secret are exposed as files.
    27          - mountPath: /etc/mysql/ssl
    28            name: ssl
    29          - mountPath: /etc/mysql/ssl-internal
    30            name: ssl-internal
    31          - mountPath: /etc/mysql/vault-keyring-secret
    32            name: vault-keyring-secret
                # Service-account credentials for the Kubernetes API. Combined with
                # privileged: true, the RBAC bound to this account bounds what a
                # compromised container could do in the cluster.
                # NOTE(review): if the donor script never calls the API, disabling
                # token automount would narrow this. Confirm.
    33          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
    34            name: kube-api-access
    35            readOnly: true
    36    dnsPolicy: ClusterFirst
    37    priority: 0
    38    restartPolicy: Always
    39    schedulerName: default-scheduler
          # Pod-level security context: mounted volumes are group-owned by GID 1001
          # and container processes additionally get GIDs 1001, 1002 and 1003.
    40    securityContext:
    41      fsGroup: 1001
    42      supplementalGroups:
    43        - 1001
    44        - 1002
    45        - 1003
          # serviceAccount is the deprecated alias of serviceAccountName; both carry
          # the same value here.
    46    serviceAccount: percona-xtradb-cluster-operator-workload
    47    serviceAccountName: percona-xtradb-cluster-operator-workload
    48    terminationGracePeriodSeconds: 30
          # not-ready / unreachable tolerations with a 300 s grace period.
    49    tolerations:
    50      - effect: NoExecute
    51        key: node.kubernetes.io/not-ready
    52        operator: Exists
    53        tolerationSeconds: 300
    54      - effect: NoExecute
    55        key: node.kubernetes.io/unreachable
    56        operator: Exists
    57        tolerationSeconds: 300
    58    volumes:
    59      - name: backup
    60        persistentVolumeClaim:
    61          claimName: xb-on-demand-backup-pvc
            # defaultMode 420 is decimal for octal 0644: secret files are readable
            # by every user inside the container. That is the Kubernetes default;
            # a tighter mode would narrow access to the key material.
    62      - name: ssl-internal
    63        secret:
    64          defaultMode: 420
                # optional: true - the pod still starts if this secret is missing.
    65          optional: true
    66          secretName: some-name-ssl-internal
    67      - name: ssl
    68        secret:
    69          defaultMode: 420
                # optional: false - the pod cannot start without this secret.
    70          optional: false
    71          secretName: some-name-ssl
    72      - name: vault-keyring-secret
    73        secret:
    74          defaultMode: 420
    75          optional: true
    76          secretName: sec-context-vault
            # Projected volume carrying the API token, cluster CA and namespace.
    77      - name: kube-api-access
    78        projected:
    79          defaultMode: 420
    80          sources:
                  # Token with a requested lifetime of 3607 s (about one hour),
                  # not a long-lived secret-based token.
    81            - serviceAccountToken:
    82                expirationSeconds: 3607
    83                path: token
    84            - configMap:
    85                items:
    86                  - key: ca.crt
    87                    path: ca.crt
    88                name: kube-root-ca.crt
    89            - downwardAPI:
    90                items:
    91                  - fieldRef:
    92                      apiVersion: v1
    93                      fieldPath: metadata.namespace
    94                    path: namespace