apiVersion: apps/v1 kind: Deployment metadata: labels: app: appka name: appka namespace: appka-1 spec: replicas: 3 selector: matchLabels: app: appka template: metadata: labels: app: appka actorSystemName: appka spec: containers: - name: appka image: pekko-sample-cluster-kubernetes-java:latest # remove for real clusters, useful for minikube imagePullPolicy: Never readinessProbe: httpGet: path: /ready port: management periodSeconds: 10 failureThreshold: 3 initialDelaySeconds: 10 livenessProbe: httpGet: path: "/alive" port: management periodSeconds: 10 failureThreshold: 5 initialDelaySeconds: 20 ports: # pekko remoting - name: remoting containerPort: 7355 protocol: TCP # pekko-management and bootstrap - name: management containerPort: 8558 protocol: TCP - name: http containerPort: 8080 protocol: TCP env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: REQUIRED_CONTACT_POINT_NR value: "2" --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pod-reader namespace: appka-1 rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] verbs: ["get", "watch", "list"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: read-pods namespace: appka-1 subjects: # Note the `name` line below. The first default refers to the namespace. The second refers to the service account name. # For instance, `name: system:serviceaccount:myns:default` would refer to the default service account in namespace `myns` - kind: User name: system:serviceaccount:appka-1:default roleRef: kind: Role name: pod-reader apiGroup: rbac.authorization.k8s.io