apiVersion: apps/v1 kind: DaemonSet metadata: name: resource-governance namespace: resource-governance labels: app.kubernetes.io/name: resource-governance app.kubernetes.io/component: governance spec: selector: matchLabels: app.kubernetes.io/name: resource-governance app.kubernetes.io/component: governance template: metadata: labels: app.kubernetes.io/name: resource-governance app.kubernetes.io/component: governance spec: serviceAccountName: resource-governance-sa securityContext: runAsNonRoot: true runAsUser: 1000940000 fsGroup: 1000940000 containers: - name: resource-governance image: python:3.11-slim imagePullPolicy: IfNotPresent ports: - containerPort: 8080 name: http protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault command: ['sh', '-c'] args: - | apt-get update && apt-get install -y git curl git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app cd /tmp/app pip install --no-cache-dir -r requirements.txt python -m uvicorn app.main:app --host 0.0.0.0 --port 8080 env: - name: KUBECONFIG value: "/var/run/secrets/kubernetes.io/serviceaccount/token" - name: CPU_LIMIT_RATIO valueFrom: configMapKeyRef: name: resource-governance-config key: CPU_LIMIT_RATIO - name: MEMORY_LIMIT_RATIO valueFrom: configMapKeyRef: name: resource-governance-config key: MEMORY_LIMIT_RATIO - name: PROMETHEUS_URL valueFrom: configMapKeyRef: name: resource-governance-config key: PROMETHEUS_URL - name: VPA_NAMESPACES valueFrom: configMapKeyRef: name: resource-governance-config key: VPA_NAMESPACES - name: LOG_LEVEL valueFrom: configMapKeyRef: name: resource-governance-config key: LOG_LEVEL resources: requests: memory: "128Mi" cpu: "100m" limits: memory: "512Mi" cpu: "500m" livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 60 periodSeconds: 10 readinessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 30 periodSeconds: 5 nodeSelector: kubernetes.io/os: linux tolerations: - operator: Exists effect: NoSchedule