...
Code Block |
---|
language | yml |
---|
title | parasoft-permissions.yaml |
---|
|
apiVersion: v1
kind: ServiceAccount
metadata:
name: parasoft-account
namespace: parasoft-sv-namespace
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: parasoft-read
namespace: parasoft-sv-namespace
rules:
- apiGroups:
- "*"
resources:
- "*namespaces"
verbs:
- get"pods"
- readverbs:
- listget
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: parasoft-read-bind
namespace: parasoft-sv-namespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: parasoft-read
subjects:
- kind: ServiceAccount
name: parasoft-account
namespace: parasoft-sv-namespace |
...
Code Block |
---|
language | yml |
---|
title | soavirt.yaml |
---|
|
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: soavirt
namespace: parasoft-sv-namespace
labels:
tag: soavirt
spec:
replicas: 1
selector:
matchLabels:
tag: soavirt
serviceName: soavirt
template:
metadata:
labels:
tag: soavirt
spec:
securityContext:
runAsNonRoot: true
serviceAccountName: parasoft-account
automountServiceAccountToken: true
volumes:
- name: soavirt-pv
persistentVolumeClaim:
claimName: soavirt-pvc
- name: soavirt-config
configMap:
name: soavirt-config
containers:
- name: soavirt
image: parasoft/soavirt-server
imagePullPolicy: IfNotPresent
# When running on Kubernetes nodes with more securityContext:
than 32 CPU cores the product will print the following allowPrivilegeEscalation:in false
the logs: This machine exceeds the licensed number of CPU capabilities:cores
# To reduce the number of cores available, uncomment the following resource drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
specification (if you are using OpenShift, see the note below) or contact Parasoft to enable running on higher core counts.
# resources:
# volumeMountslimits:
# - name: soavirt-pv
cpu: "4"
mountPathsecurityContext: /usr/local/parasoft/soavirt/webapps/ROOT/workspace
- nameallowPrivilegeEscalation: soavirt-configfalse
mountPathcapabilities: /usr/local/parasoft/soavirt/webapps/config.properties
subPathdrop: config.properties
["ALL"]
ports seccompProfile:
- name: http
containerPorttype: 9080RuntimeDefault
startupProbevolumeMounts:
- httpGet:name: soavirt-pv
pathmountPath: /usr/local/parasoft/soavirt/apiwebapps/v6ROOT/healthcheckworkspace
- portname: 9080soavirt-config
initialDelaySecondsmountPath: 30/usr/local/parasoft/soavirt/webapps/config.properties
periodSecondssubPath: 30config.properties
timeoutSeconds: 30ports:
- name: http
failureThresholdcontainerPort: 39080
livenessProbestartupProbe:
httpGet:
path: /soavirt/api/v6/healthcheck
port: 9080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
envfailureThreshold: 3
- name: CATALINA_OPTSlivenessProbe:
value: "-Dparasoft.auto.deploy.new=falsehttpGet:
path: /soavirt/api/v6/healthcheck
-Dparasoft.cloudvm=true
port: 9080
initialDelaySeconds: -Dparasoft.cloudvm.config=Kubernetes"
30
- nameperiodSeconds: PARASOFT_POD_NAME30
valueFromtimeoutSeconds:
fieldRef:30
fieldPath: metadata.nameenv:
- name: PARASOFTCATALINA_POD_NAMESPACEOPTS
valueFrom:value: "-Dparasoft.auto.deploy.new=false
fieldRef:
-Dparasoft.cloudvm=true
fieldPath: metadata.namespace -Dparasoft.cloudvm.config=Kubernetes"
- name: PARASOFT_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: PARASOFT_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace |
Info |
---|
|
If you are using OpenShift and your host is using more than 32 cores, you will need to look at your OpenShift version's documentation about Quotas and Limit Ranges for CPU as there are significant differences between versions. This link is to the documentation for version 4.16, but you should consult the documentation for your exact version: https://docs.openshift.com/container-platform/4.16/nodes/clusters/nodes-cluster-limit-ranges.html |
Use the yaml file to create the SOAVirt server:
...