2019-04-23 10:07:45 +00:00
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: StatefulSet
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
app: buildkitd
|
|
|
|
name: buildkitd
|
|
|
|
spec:
|
|
|
|
serviceName: buildkitd
|
2019-11-12 10:24:52 +00:00
|
|
|
podManagementPolicy: Parallel
|
2019-04-23 10:07:45 +00:00
|
|
|
replicas: 1
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
app: buildkitd
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
app: buildkitd
|
|
|
|
annotations:
|
|
|
|
container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined
|
|
|
|
container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined
|
|
|
|
# see buildkit/docs/rootless.md for caveats of rootless mode
|
|
|
|
spec:
|
|
|
|
containers:
|
|
|
|
- name: buildkitd
|
|
|
|
image: moby/buildkit:master-rootless
|
|
|
|
args:
|
|
|
|
- --oci-worker-no-process-sandbox
|
2019-10-11 17:20:52 +00:00
|
|
|
securityContext:
|
|
|
|
# To change UID/GID, you need to rebuild the image
|
|
|
|
runAsUser: 1000
|
|
|
|
runAsGroup: 1000
|