Skip to content

Latest commit



131 lines (101 loc) · 9.28 KB

File metadata and controls

131 lines (101 loc) · 9.28 KB


Podinfo is a tiny web application made with Go that showcases best practices of running microservices in Kubernetes.

Module Repository

This module is available on GitHub Container Registry at


To create an instance using the default values:

timoni -n default apply podinfo oci://

To install a specific module version:

timoni -n default apply podinfo oci:// -v 6.3.5

To change the default configuration, create one or more values.cue files and apply them to the instance.

For example, create a file my-values.cue with the following content:

values: {
	resources: requests: {
		cpu:    "100m"
		memory: "128Mi"

And apply the values with:

timoni -n default apply podinfo oci:// \
--values ./my-values.cue


To uninstall an instance and delete all its Kubernetes resources:

timoni -n default delete podinfo


General values

Key Type Default Description
image: tag: string <latest version> Container image tag
image: digest: string "" Container image digest, takes precedence over tag when specified
image: repository: string Container image repository
image: pullPolicy: string IfNotPresent Kubernetes image pull policy
metadata: labels: {[ string]: string} {} Common labels for all resources
metadata: annotations: {[ string]: string} {} Common annotations for all resources
podAnnotations: {[ string]: string} {} Annotations applied to pods
imagePullSecrets: [...corev1.LocalObjectReference] [] Kubernetes image pull secrets
tolerations: [ ...corev1.#Toleration] [] Kubernetes toleration
affinity: corev1.#Affinity {} Kubernetes affinity and anti-affinity
resources: corev1.#ResourceRequirements {} Kubernetes resource requests and limits
topologySpreadConstraints: [...corev1.#TopologySpreadConstraint] [] Kubernetes pod topology spread constraints
podSecurityContext: corev1.#PodSecurityContext {} Kubernetes pod security context
securityContext: corev1.#SecurityContext {} Kubernetes container security context

Recommended values

Comply with the restricted Kubernetes pod security standard:

values: {
	podSecurityContext: {
		runAsUser:  100
		runAsGroup: 101
		fsGroup:    101
	securityContext: {
		allowPrivilegeEscalation: false
		readOnlyRootFilesystem:   true
		runAsNonRoot:             true
		capabilities: drop: ["ALL"]
		seccompProfile: type: "RuntimeDefault"

Autoscaling values

Key Type Default Description
replicas: int 1 Number of pods when autoscaling is disabled
autoscaling: enabled: bool false Enable Kubernetes HPA creation
autoscaling: minReplicas: int replicas Minimum number of pods
autoscaling: maxReplicas: int minReplicas Maximum number of pods
autoscaling: cpu: int 99 CPU average utilization (percentage)
autoscaling: memory: string "" memory average value (e.g. 1024Mi)

Ingress values

Key Type Default Description
service: port: int 80 Kubernetes Service ClusterIP port
ingress: enabled: bool false Enable Kubernetes Ingress creation
ingress: tls: bool false Enable TLS (requires cert-manager)
ingress: host: string podinfo.local Ingress host
ingress: className: string "" Ingress class name
ingress: annotations: {[ string]: string} {} Annotations applied to ingress

Monitoring values

Key Type Default Description
monitoring: enabled: bool false Enable Prometheus ServiceMonitor creation
monitoring: interval: string 15s Prometheus scrape interval

Cashing values

Key Type Default Description
caching: enabled: bool false Enable Redis caching
caching: redisURL: string "" Redis URL in the format tcp://:[password]@host[:port]