domain/apps/okd/deploy.tf

resource "kubectl_manifest" "deploy" {
  yaml_body  = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.common_labels)}
      template:
        metadata:
          labels: ${jsonencode(local.common_labels)}
        spec:
          securityContext:
            fsGroup: 1000
            runAsUser: 1000
            runAsGroup: 1000
          containers:
          - name: okd
            securityContext:
              fsGroup: 1000
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
            env:
            - name: BRIDGE_USER_AUTH
              value: disabled
            image: "${var.images.okd.registry}/${var.images.okd.repository}:${var.images.okd.tag}"
            imagePullPolicy: "${var.images.okd.pull_policy}"
            ports:
            - containerPort: 9000
              name: http
              protocol: TCP
            livenessProbe:
              failureThreshold: 3
              httpGet:
                path: /
                port: http
                scheme: HTTP
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
            readinessProbe:
              failureThreshold: 3
              httpGet:
                path: /
                port: http
                scheme: HTTP
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 1
          restartPolicy: Always
          serviceAccount: "${var.instance}-${var.component}"
          serviceAccountName: "${var.instance}-${var.component}"
 EOF
}