apiVersion: apps/v1 kind: Deployment metadata: labels: app: containerized-data-importer app.kubernetes.io/component: storage app.kubernetes.io/managed-by: cdi-operator cdi.kubevirt.io: "" prometheus.cdi.kubevirt.io: "true" name: cdi-deployment namespace: "{{ namespace }}" spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: containerized-data-importer strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: containerized-data-importer app.kubernetes.io/component: storage app.kubernetes.io/managed-by: cdi-operator cdi.kubevirt.io: "" prometheus.cdi.kubevirt.io: "true" spec: containers: - args: - -v=1 env: - name: IMPORTER_IMAGE value: quay.io/kubevirt/cdi-importer@sha256:3143bbc67cdc6267eb48b7eaac664b8551ac4c11401dfbf4921efd3f233e6ce9 - name: CLONER_IMAGE value: quay.io/kubevirt/cdi-cloner@sha256:9d31b14f23259398c5bac636f5ead13ad0afd6fe8eeab4499e8e047b4d85074f - name: UPLOADSERVER_IMAGE value: quay.io/kubevirt/cdi-uploadserver@sha256:30f1827d3696cf996b081c22c3267ca78e7219c872fdb54950198fa54359f6ee - name: UPLOADPROXY_SERVICE value: cdi-uploadproxy - name: PULL_POLICY value: IfNotPresent - name: INSTALLER_PART_OF_LABEL valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.labels['app.kubernetes.io/part-of'] - name: INSTALLER_VERSION_LABEL valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.labels['app.kubernetes.io/version'] image: quay.io/kubevirt/cdi-controller@sha256:27c47883a08226f83757971d3adafb0cd9bcb26e58fbcf7208236070e0adf37e imagePullPolicy: IfNotPresent name: cdi-controller ports: - containerPort: 8080 name: metrics protocol: TCP readinessProbe: exec: command: - cat - /tmp/ready failureThreshold: 3 initialDelaySeconds: 2 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: requests: cpu: 10m memory: 150Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true seccompProfile: type: RuntimeDefault terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/cdi/token/keys name: cdi-api-signing-key - mountPath: /var/run/certs/cdi-uploadserver-signer name: uploadserver-ca-cert - mountPath: /var/run/certs/cdi-uploadserver-client-signer name: uploadserver-client-ca-cert - mountPath: /var/run/ca-bundle/cdi-uploadserver-signer-bundle name: uploadserver-ca-bundle - mountPath: /var/run/ca-bundle/cdi-uploadserver-client-signer-bundle name: uploadserver-client-ca-bundle dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux priorityClassName: cdi-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true serviceAccount: cdi-sa serviceAccountName: cdi-sa terminationGracePeriodSeconds: 30 tolerations: - key: CriticalAddonsOnly operator: Exists volumes: - name: cdi-api-signing-key secret: defaultMode: 420 items: - key: publickey.pem path: id_rsa.pub - key: privatekey.pem path: id_rsa secretName: cdi-api-signing-key - name: uploadserver-ca-cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cdi-uploadserver-signer - name: uploadserver-client-ca-cert secret: defaultMode: 420 items: - key: tls.crt path: tls.crt - key: tls.key path: tls.key secretName: cdi-uploadserver-client-signer - secret: defaultMode: 420 items: - key: tls.crt path: ca-bundle.crt secretName: cdi-uploadserver-signer name: uploadserver-ca-bundle - secret: defaultMode: 420 items: - key: tls.crt path: ca-bundle.crt secretName: cdi-uploadserver-client-signer name: uploadserver-client-ca-bundle