--- apiVersion: v1 kind: Namespace metadata: name: heptio-sonobuoy --- apiVersion: v1 kind: ServiceAccount metadata: labels: component: sonobuoy name: sonobuoy-serviceaccount namespace: heptio-sonobuoy --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: labels: component: sonobuoy name: sonobuoy-serviceaccount roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: sonobuoy-serviceaccount subjects: - kind: ServiceAccount name: sonobuoy-serviceaccount namespace: heptio-sonobuoy --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: labels: component: sonobuoy name: sonobuoy-serviceaccount namespace: heptio-sonobuoy rules: - apiGroups: - '*' resources: - '*' verbs: - '*' --- apiVersion: v1 data: config.json: | { "Description": "EXAMPLE", "Filters": { "LabelSelector": "", "Namespaces": ".*" }, "PluginNamespace": "heptio-sonobuoy", "Plugins": [ { "name": "e2e" } ], "Resources": [ "CertificateSigningRequests", "ClusterRoleBindings", "ClusterRoles", "ComponentStatuses", "CustomResourceDefinitions", "Nodes", "PersistentVolumes", "PodSecurityPolicies", "ServerVersion", "StorageClasses", "ConfigMaps", "DaemonSets", "Deployments", "Endpoints", "Events", "HorizontalPodAutoscalers", "Ingresses", "Jobs", "LimitRanges", "PersistentVolumeClaims", "Pods", "PodDisruptionBudgets", "PodTemplates", "ReplicaSets", "ReplicationControllers", "ResourceQuotas", "RoleBindings", "Roles", "ServerGroups", "ServiceAccounts", "Services", "StatefulSets" ], "ResultsDir": "/tmp/sonobuoy", "Server": { "advertiseaddress": "sonobuoy-master:8080", "bindaddress": "0.0.0.0", "bindport": 8080, "timeoutseconds": 5400 }, "Version": "v0.9.0" } kind: ConfigMap metadata: labels: component: sonobuoy name: sonobuoy-config-cm namespace: heptio-sonobuoy --- apiVersion: v1 data: e2e.yaml: | driver: Job name: e2e resultType: e2e spec: containers: - env: - name: E2E_FOCUS value: Conformance image: gcr.io/heptio-images/kube-conformance:v1.8 imagePullPolicy: Always name: e2e volumeMounts: - mountPath: /tmp/results name: results - command: - sh - -c - /sonobuoy worker global -v 5 --logtostderr env: - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: RESULTS_DIR value: /tmp/results image: gcr.io/heptio-images/sonobuoy:master imagePullPolicy: Always name: sonobuoy-worker volumeMounts: - mountPath: /etc/sonobuoy name: config - mountPath: /tmp/results name: results restartPolicy: Never serviceAccountName: sonobuoy-serviceaccount tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists volumes: - emptyDir: {} name: results - configMap: name: __SONOBUOY_CONFIGMAP__ name: config systemdlogs.yaml: | driver: DaemonSet name: systemd_logs resultType: systemd_logs spec: containers: - command: - sh - -c - /get_systemd_logs.sh && sleep 3600 env: - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: RESULTS_DIR value: /tmp/results - name: CHROOT_DIR value: /node image: gcr.io/heptio-images/sonobuoy-plugin-systemd-logs:latest imagePullPolicy: Always name: systemd-logs securityContext: privileged: true volumeMounts: - mountPath: /node name: root - mountPath: /tmp/results name: results - mountPath: /etc/sonobuoy name: config - command: - sh - -c - /sonobuoy worker single-node -v 5 --logtostderr && sleep 3600 env: - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: RESULTS_DIR value: /tmp/results image: gcr.io/heptio-images/sonobuoy:master imagePullPolicy: Always name: sonobuoy-worker securityContext: privileged: true volumeMounts: - mountPath: /tmp/results name: results - mountPath: /etc/sonobuoy name: config dnsPolicy: ClusterFirstWithHostNet hostIPC: true hostNetwork: true hostPID: true tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - key: CriticalAddonsOnly operator: Exists volumes: - hostPath: path: / name: root - emptyDir: {} name: results - configMap: name: __SONOBUOY_CONFIGMAP__ name: config kind: ConfigMap metadata: labels: component: sonobuoy name: sonobuoy-plugins-cm namespace: heptio-sonobuoy --- apiVersion: v1 kind: Pod metadata: labels: component: sonobuoy run: sonobuoy-master tier: analysis name: sonobuoy namespace: heptio-sonobuoy spec: nodeSelector: kubernetes.io/hostname: n0 containers: - command: - /bin/bash - -c - /sonobuoy master -v 3 --logtostderr env: - name: SONOBUOY_ADVERTISE_IP valueFrom: fieldRef: fieldPath: status.podIP image: gcr.io/heptio-images/sonobuoy:master imagePullPolicy: Always name: kube-sonobuoy volumeMounts: - mountPath: /etc/sonobuoy name: sonobuoy-config-volume - mountPath: /plugins.d name: sonobuoy-plugins-volume - mountPath: /tmp/sonobuoy name: output-volume restartPolicy: Never serviceAccountName: sonobuoy-serviceaccount volumes: - configMap: name: sonobuoy-config-cm name: sonobuoy-config-volume - configMap: name: sonobuoy-plugins-cm name: sonobuoy-plugins-volume - hostPath: path: /mnt/sonobuoy type: Directory name: output-volume --- apiVersion: v1 kind: Service metadata: labels: component: sonobuoy run: sonobuoy-master name: sonobuoy-master namespace: heptio-sonobuoy spec: ports: - port: 8080 protocol: TCP targetPort: 8080 selector: run: sonobuoy-master type: ClusterIP