apiVersion: apps/v1 kind: Deployment metadata: name: {{ .PluginName }} namespace: {{ .PluginNamespace }} labels: app: {{ .PluginName }} app.kubernetes.io/component: {{ .PluginName }} app.kubernetes.io/instance: {{ .PluginName }} app.kubernetes.io/part-of: {{ .PluginName }} app.openshift.io/runtime-namespace: {{ .PluginNamespace }} spec: replicas: 1 selector: matchLabels: app: {{ .PluginName }} template: metadata: labels: app: {{ .PluginName }} spec: {{- if .InfraNodeSelector }} nodeSelector: {{ toYaml .InfraNodeSelector | nindent 8 }} {{- end }} {{- if .InfraTolerations }} tolerations: {{ toYaml .InfraTolerations | nindent 8 }} {{- end }} {{- if .InfraAffinity }} affinity: {{ toYaml .InfraAffinity | nindent 8 }} {{- end }} containers: - name: {{ .PluginName }} image: {{ .PluginImage }} ports: - containerPort: {{ .PluginPort }} protocol: TCP imagePullPolicy: IfNotPresent resources: requests: cpu: "10m" memory: "50Mi" limits: cpu: "500m" memory: "1Gi" readinessProbe: tcpSocket: port: {{ .PluginPort }} initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: tcpSocket: port: {{ .PluginPort }} initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - name: plugin-serving-cert readOnly: true mountPath: /var/serving-cert - name: nginx-conf readOnly: true mountPath: /etc/nginx/nginx.conf subPath: nginx.conf volumes: - name: plugin-serving-cert secret: secretName: plugin-serving-cert defaultMode: 420 - name: nginx-conf configMap: name: nginx-conf defaultMode: 420 restartPolicy: Always dnsPolicy: ClusterFirst strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 25% maxSurge: 25%