# # Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # --- apiVersion: v1 kind: ConfigMap metadata: name: chaostoolkit-resources-templates data: chaostoolkit-pod.yaml: |- apiVersion: v1 kind: Pod metadata: name: chaostoolkit labels: app: chaostoolkit app.kubernetes.io/name: chaostoolkit spec: restartPolicy: Never serviceAccountName: chaostoolkit topologySpreadConstraints: - maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app.kubernetes.io/name: chaostoolkit containers: - name: chaostoolkit image: chaostoolkit/chaostoolkit imagePullPolicy: Always command: - chaos args: - run - $(EXPERIMENT_PATH) env: - name: CHAOSTOOLKIT_IN_POD value: "true" - name: EXPERIMENT_PATH value: "/home/svc/experiment.json" envFrom: - configMapRef: name: chaostoolkit-env resources: limits: cpu: 500m memory: 500Mi requests: cpu: 500m memory: 500Mi volumeMounts: - name: chaostoolkit-settings mountPath: /home/svc/.chaostoolkit/ readOnly: true - name: chaostoolkit-experiment mountPath: /home/svc/experiment.json subPath: experiment.json readOnly: true securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: false runAsNonRoot: true volumes: - name: chaostoolkit-settings secret: secretName: chaostoolkit-settings - name: chaostoolkit-experiment configMap: name: chaostoolkit-experiment