k8s-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: movies-java
  labels:
    app: movies-java
spec:
  replicas: 1
  selector:
    matchLabels:
      app: movies-java
  template:
    metadata:
      name: movies-java
      labels:
        app: movies-java
    spec:
      shareProcessNamespace: true
      #      securityContext:
      #        sysctls:
      #          - name: kernel.perf_event_paranoid
      #            value: "1"
      #          - name: kernel.kptr_restrict
      #            value: "0"
      containers:
        - name: movies-java
          image: registry.cn-hangzhou.aliyuncs.com/zhangyicloud/movies-java:0.3.0
          imagePullPolicy: Always
          securityContext:
            runAsUser: 1234
            runAsGroup: 1234
#            privileged: true
            seccompProfile:
              type: Unconfined
          volumeMounts:
            - mountPath: /app/datakit-profiler
              name: profile-volume
            - mountPath: /tmp
              name: tmp
          env:
            - name: JAVA_OPTS
              value: ""

        - name: datakit
          image: pubrepo.jiagouyun.com/datakit/datakit:1.6.0
          imagePullPolicy: IfNotPresent
          env:
            - name: ENV_DATAWAY
              value: "https://openway.guance.com?token=tkn_2af4b19d7f5a489fa81f0fff7e63b588"
            - name: ENV_DEFAULT_ENABLED_INPUTS
              value: "container,ddtrace,profile,self"
            - name: ENV_LOG
              value: stdout
            - name: ENV_GIN_LOG
              value: stdout
            - name: ENV_HTTP_LISTEN
              value: "0.0.0.0:9529"

        # 这里使用 async_profiler 进行 profiling
        - name: datakit-profiler
          image: pubrepo.jiagouyun.com/dataflux/async-profiler:0.1.0
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /etc/localtime  # Synchronize Container Timezone with host
              name: timezone
              readOnly: true
            - mountPath: /app/datakit-profiler
              name: profile-volume
            - mountPath: /tmp
              name: tmp
          workingDir: /app/datakit-profiler
          env:
            - name: DK_AGENT_HOST # datakit listening host
              value: "127.0.0.1"
            - name: DK_AGENT_PORT # datakit listening port
              value: "9529"
            - name: DK_PROFILE_VERSION # user's app version
              value: "1.2.333"
            - name: DK_PROFILE_ENV # user's app deployment env
              value: "prod"
            - name: DK_PROFILE_DURATION # profiling duration every time
              value: "240"
            - name: DK_PROFILE_SCHEDULE # profiling schedule plan
              value: "*/20 * * * *"
          command:
            - "./cmd.sh"
          securityContext:
            capabilities:
              add:
                - SYS_PTRACE
                - SYS_ADMIN
      restartPolicy: Always
      volumes:
        - name: profile-volume
          emptyDir: {}
        - name: tmp
          emptyDir: {}
        - name: timezone
          hostPath:
            path: /etc/localtime
            type: FileOrCreate