Refactor squid configuration to include readiness and liveness probes, resource requests, and security context
This commit is contained in:
@@ -210,6 +210,34 @@ resource "kubernetes_deployment" "proxy_pt" {
|
||||
protocol = "TCP"
|
||||
}
|
||||
|
||||
readiness_probe {
|
||||
tcp_socket {
|
||||
port = "proxy"
|
||||
}
|
||||
initial_delay_seconds = 10
|
||||
timeout_seconds = 4
|
||||
}
|
||||
|
||||
liveness_probe {
|
||||
tcp_socket {
|
||||
port = "proxy"
|
||||
}
|
||||
initial_delay_seconds = 10
|
||||
timeout_seconds = 4
|
||||
}
|
||||
|
||||
resources {
|
||||
requests = {
|
||||
memory = "256Mi"
|
||||
}
|
||||
}
|
||||
|
||||
security_context {
|
||||
allow_privilege_escalation = false
|
||||
run_as_user = 1000
|
||||
run_as_group = 1000
|
||||
}
|
||||
|
||||
volume_mount {
|
||||
name = "squid-config"
|
||||
mount_path = "/etc/squid"
|
||||
|
||||
@@ -42,4 +42,7 @@ forwarded_for delete
|
||||
follow_x_forwarded_for deny all
|
||||
pipeline_prefetch on
|
||||
request_header_access From deny all
|
||||
request_header_access Server deny all
|
||||
request_header_access Server deny all
|
||||
pid_filename none
|
||||
access_log stdio:/dev/stdout
|
||||
cache_log stdio:/dev/stderr
|
||||
Reference in New Issue
Block a user