adding files for image hardening
yogeshbidari committed Oct 9, 2019
1 parent 7b02c1a commit 94b0df3
Showing 7 changed files with 925 additions and 0 deletions.
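--- a/arangodb.yaml
+++ b/arangodb.yaml
@@ -0,0 +1,99 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: arango
+namespace: dev
+labels:
+service: arango
+env: dev
+spec:
+clusterIP: None
+ports:
+- name: arango
+port: 8529
+targetPort: arango
+publishNotReadyAddresses: true
+selector:
+service: arango
+env: dev
+type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: arango-ui
+namespace: dev
+annotations:
+cloud.google.com/load-balancer-type: "Internal"
+labels:
+service: arango
+env: dev
+spec:
+externalTrafficPolicy: Cluster
+ports:
+- name: arango
+nodePort: 30200
+port: 9300
+targetPort: arango
+selector:
+service: arango
+env: dev
+type: LoadBalancer
+loadBalancerIP: "10.131.0.16"
+loadBalancerSourceRanges:
+- 10.0.0.0/8
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: arango
+namespace: dev
+labels:
+service: arango
+env: dev
+spec:
+serviceName: arango
+replicas: 1
+updateStrategy:
+type: RollingUpdate
+selector:
+matchLabels:
+service: arango
+env: dev
+template:
+metadata:
+labels:
+service: arango
+env: dev
+spec:
+terminationGracePeriodSeconds: 180
+containers:
+- name: arango
+image: arangodb:3.3.8
+imagePullPolicy: Always
+securityContext:
+privileged: false
+ports:
+- containerPort: 8529
+name: arango
+env:
+- name: ARANGO_ROOT_PASSWORD
+value: "admin@123"
+- name: ARANGO_STORAGE_ENGINE
+value: "rocksdb"
+resources:
+requests:
+memory: "2G"
+cpu: "300m"
+limits:
+memory: "3G"
+cpu: "600m"
+# volumeMounts:
+# - name: arango-data
+#mountPath: /var/lib/arangodb3
+#volumeClaimTemplates:
+#- metadata:
+# name: arango-data
+#spec:
+#accessModes:
+#- ReadWriteOnce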
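Review bot: `ARANGO_ROOT_PASSWORD` is given a literal `value: "admin@123"` in the StatefulSet's container env, so the database root credential is readable by anyone who can read the repository or the pod spec; cassandra.yaml does the same with `CASSANDRA_PASSWORD`. Both should be sourced from a Kubernetes Secret through `valueFrom.secretKeyRef`, and because the value is now in commit history it should be rotated, not just removed from the manifest. The `arango-ui` LoadBalancer in this file admits all of 10.0.0.0/8, so the set of clients that can present that credential is wide. The Secret name and key in the sketch below are placeholders, and the indentation is the conventional one since the page has lost the file's own.

```yaml
# … unchanged: container name, image, securityContext, ports …
env:
  - name: ARANGO_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: arango-credentials  # placeholder: Secret created outside this repo
        key: root-password        # placeholder key name
# … unchanged: ARANGO_STORAGE_ENGINE, resources …
```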
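--- a/cassandra.yaml
+++ b/cassandra.yaml
@@ -0,0 +1,166 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: cassandra
+namespace: dev
+labels:
+service: cassandra
+env: dev
+spec:
+clusterIP: None
+ports:
+- name: intra
+port: 7000
+targetPort: intra
+- name: tls
+port: 7001
+targetPort: tls
+- name: jmx
+port: 7199
+targetPort: jmx
+- name: cql
+port: 9042
+targetPort: cql
+- name: thrift
+port: 9160
+targetPort: thrift
+publishNotReadyAddresses: true
+selector:
+service: cassandra
+env: dev
+type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: cassandra-ui
+namespace: dev
+annotations:
+cloud.google.com/load-balancer-type: "Internal"
+labels:
+service: cassandra
+env: dev
+spec:
+externalTrafficPolicy: Cluster
+ports:
+- name: cql
+nodePort: 30412
+port: 9042
+targetPort: cql
+- name: thrift
+nodePort: 30413
+port: 9160
+targetPort: thrift
+selector:
+service: cassandra
+env: dev
+type: LoadBalancer
+loadBalancerIP: "10.131.0.8"
+loadBalancerSourceRanges:
+- 10.0.0.0/8
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: cassandra
+namespace: dev
+labels:
+service: cassandra
+env: dev
+spec:
+serviceName: cassandra
+replicas: 3
+updateStrategy:
+type: OnDelete
+selector:
+matchLabels:
+service: cassandra
+env: dev
+template:
+metadata:
+labels:
+service: cassandra
+env: dev
+spec:
+terminationGracePeriodSeconds: 120
+containers:
+- name: cassandra
+image: bitnami/cassandra:3.11.3
+imagePullPolicy: Always
+securityContext:
+privileged: false
+ports:
+- name: intra
+containerPort: 7000
+- name: tls
+containerPort: 7001
+- name: jmx
+containerPort: 7199
+- name: cql
+containerPort: 9042
+- name: thrift
+containerPort: 9160
+env:
+- name: CASSANDRA_CLUSTER_NAME
+value: cassandra
+- name: CASSANDRA_SEEDS
+value: cassandra-0.cassandra.dev.svc.cluster.local,cassandra-1.cassandra.dev.svc.cluster.local,cassandra-2.cassandra.dev.svc.cluster.local
+- name: CASSANDRA_PASSWORD
+value: admin@123
+- name: POD_IP
+valueFrom:
+fieldRef:
+apiVersion: v1
+fieldPath: status.podIP
+- name: CASSANDRA_NUM_TOKENS
+value: "256"
+- name: CASSANDRA_DATACENTER
+value: dc1
+- name: CASSANDRA_ENDPOINT_SNITCH
+value: SimpleSnitch
+- name: CASSANDRA_RACK
+value: rack1
+- name: CASSANDRA_ENABLE_RPC
+value: "true"
+livenessProbe:
+exec:
+command:
+- /bin/sh
+- -c
+- nodetool status
+failureThreshold: 5
+initialDelaySeconds: 60
+periodSeconds: 30
+successThreshold: 1
+timeoutSeconds: 5
+readinessProbe:
+exec:
+command:
+- /bin/sh
+- -c
+- nodetool status | grep -E "^UN\s+${POD_IP}"
+failureThreshold: 5
+initialDelaySeconds: 60
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+resources:
+requests:
+memory: "2G"
+cpu: "200m"
+limits:
+memory: "3G"
+cpu: "400m"
+command:
+- bash
+- -ec
+- |
+if [[ $HOSTNAME =~ (.*)-0$ ]]; then
+export CASSANDRA_PASSWORD_SEEDER=yes
+else
+export CASSANDRA_IGNORE_INITDB_SCRIPTS=1
+fi
+/app-entrypoint.sh /run.sh
+# volumeMounts:
+#- name: cassandra-data
+#mountPath: /bitnami/cassandra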
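Review bot: The `cassandra` container's `securityContext` sets only `privileged: false`, which is already the Kubernetes default, so the block adds no hardening beyond an unset context; the `arango` container in arangodb.yaml has the same block. For a change described as image hardening I would expect at least `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` under that key. Whether each image's entrypoint runs cleanly as a non-root UID with all capabilities dropped is not visible on this page and should be confirmed before the settings are applied.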