Catalog Details

• CATEGORY

  deployment

• CREATED BY

  Bhuminjay Soni

• UPDATED AT

  June 13, 2024

• VERSION

  1.0

Pattern Snapshot

Related Patterns

deployment

Fault-tolerant batch workloads on GKE

MESHERY4b55

What this pattern does:

This YAML manifest defines a Kubernetes Deployment for the Thanos Operator, named "thanos-operator," with one replica. The deployment's pod template is labeled "app: thanos-operator" and includes security settings to run as a non-root user with specific user (1000) and group (2000) IDs. The main container, also named "thanos-operator," uses the "thanos-io/thanos:latest" image, runs with minimal privileges, and starts with the argument "--log.level=info." It listens on port 8080 for HTTP traffic and has liveness and readiness probes set to check the "/metrics" endpoint. Resource requests and limits are defined for CPU and memory. Additionally, the pod is scheduled on Linux nodes with specific node affinity rules and tolerations for certain node taints, ensuring appropriate node placement and scheduling.

Caveats and Consideration:

1. Security Context: 1.1 The runAsUser: 1000 and fsGroup: 2000 settings are essential for running the container with non-root privileges. Ensure that these user IDs are correctly configured and have the necessary permissions within your environment. 1.2 Dropping all capabilities (drop: - ALL) enhances security but may limit certain functionalities. Verify that the Thanos container does not require any additional capabilities. 2. Image Tag: The image tag is set to "latest," which can introduce instability since it pulls the most recent image version that might not be thoroughly tested. Consider specifying a specific, stable version tag for better control over updates and rollbacks. 3. Resource Requests and Limits: The defined resource requests and limits (memory: "64Mi"/"128Mi", cpu: "250m"/"500m") might need adjustment based on the actual workload and performance characteristics of the Thanos Operator in your environment. Monitor resource usage and tweak these settings accordingly to prevent resource starvation or over-provisioning.

Compatibility:

Recent Discussions with "meshery" Tag

• May 19 | Newcomer looking for guidance Faisal Imtiyaz123
• May 17 | Doubt regarding plugins in Meshery UI Utsav Lal
• Apr 14 | Unable to deploy meshery to minikube Shahid Ilhan
• May 08 | No reachable contexts found in the uploaded kube config Christopher Kalule
• May 08 | Meshery Development Meeting | May 8th 2024 Yash Sharma
• May 01 | WEBINAR: Making the CNCF Landscape interactive with Meshery Sandra Ashipala
• Apr 24 | Meshery Development Meeting | April 24th 2024 Yash Sharma
• Mar 11 | [Help Wanted] A list of open DevOps-centric needs on Meshery projects Lee Calcote
• Apr 16 | Help needed for setup of meshery cli Pratiksha Sankhe
• Apr 17 | Meshery Development Meeting | April 17th 2024 Yash Sharma