108 lines
3.2 KiB
Handlebars
108 lines
3.2 KiB
Handlebars
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: storage
|
|
app.kubernetes.io/managed-by: cdi-operator
|
|
cdi.kubevirt.io: cdi-apiserver
|
|
name: cdi-apiserver
|
|
namespace: "{{ namespace }}"
|
|
spec:
|
|
progressDeadlineSeconds: 600
|
|
replicas: 1
|
|
revisionHistoryLimit: 10
|
|
selector:
|
|
matchLabels:
|
|
cdi.kubevirt.io: cdi-apiserver
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 25%
|
|
maxUnavailable: 25%
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app.kubernetes.io/component: storage
|
|
app.kubernetes.io/managed-by: cdi-operator
|
|
cdi.kubevirt.io: cdi-apiserver
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- -v=1
|
|
env:
|
|
- name: INSTALLER_PART_OF_LABEL
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.labels['app.kubernetes.io/part-of']
|
|
- name: INSTALLER_VERSION_LABEL
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.labels['app.kubernetes.io/version']
|
|
image: quay.io/kubevirt/cdi-apiserver@sha256:e9e39408413b1478d2e98eba68913f9e20c93000558b190b47de73bdfd1d9ac4
|
|
imagePullPolicy: IfNotPresent
|
|
name: cdi-apiserver
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8443
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 5
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 150Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
terminationMessagePath: /dev/termination-log
|
|
terminationMessagePolicy: File
|
|
volumeMounts:
|
|
- mountPath: /var/run/certs/cdi-apiserver-signer-bundle
|
|
name: ca-bundle
|
|
readOnly: true
|
|
- mountPath: /var/run/certs/cdi-apiserver-server-cert
|
|
name: server-cert
|
|
readOnly: true
|
|
dnsPolicy: ClusterFirst
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
priorityClassName: cdi-cluster-critical
|
|
restartPolicy: Always
|
|
schedulerName: default-scheduler
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
serviceAccount: cdi-apiserver
|
|
serviceAccountName: cdi-apiserver
|
|
terminationGracePeriodSeconds: 30
|
|
tolerations:
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
volumes:
|
|
- secret:
|
|
defaultMode: 420
|
|
items:
|
|
- key: ca.crt
|
|
path: ca-bundle.crt
|
|
secretName: cdi-apiserver-server-cert
|
|
name: ca-bundle
|
|
- name: server-cert
|
|
secret:
|
|
defaultMode: 420
|
|
items:
|
|
- key: tls.crt
|
|
path: tls.crt
|
|
- key: tls.key
|
|
path: tls.key
|
|
secretName: cdi-apiserver-server-cert |