# This file is part of Rok. # # Copyright © 2020-2021 Arrikto Inc. All Rights Reserved. apiVersion: v1 kind: ServiceAccount metadata: name: rok-tools-docker labels: app: rok-tools-docker --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rok-tools-docker-cluster-admin subjects: - kind: ServiceAccount name: rok-tools-docker namespace: default roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Service metadata: name: rok-tools-docker spec: selector: app: rok-tools-docker ports: - protocol: TCP port: 80 targetPort: 80 name: http - protocol: TCP port: 8080 targetPort: 8080 name: port-forward --- apiVersion: apps/v1 kind: StatefulSet metadata: name: rok-tools-docker labels: app: rok-tools-docker spec: replicas: 1 serviceName: rok-tools-docker selector: matchLabels: app: rok-tools-docker template: metadata: labels: app: rok-tools-docker spec: # hostPID: true serviceAccountName: rok-tools-docker containers: - name: rok-tools-docker image: gcr.io/arrikto/rok-tools:release-2.0-l0-release-2.0.2 imagePullPolicy: IfNotPresent workingDir: /root ports: - containerPort: 80 - containerPort: 8080 volumeMounts: - name: data mountPath: /root - name: docker-socket mountPath: /var/run # securityContext: # privileged: true - name: dind-daemon image: docker:19.03-dind resources: requests: cpu: 20m memory: 128Mi securityContext: privileged: true volumeMounts: - name: docker mountPath: /var/lib/docker - name: docker-socket mountPath: /var/run volumes: - name: docker-socket emptyDir: {} volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 100Gi storageClassName: default - metadata: name: docker spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 100Gi storageClassName: default