github.com/IBM-Blockchain/fabric-operator@v1.0.4/definitions/ca/deployment.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 name: ibpca-deployment 5 spec: 6 replicas: 1 7 selector: {} 8 strategy: 9 type: Recreate 10 template: 11 spec: 12 affinity: 13 nodeAffinity: 14 requiredDuringSchedulingIgnoredDuringExecution: 15 nodeSelectorTerms: 16 - matchExpressions: 17 - key: kubernetes.io/arch 18 operator: In 19 values: 20 - amd64 21 containers: 22 - command: 23 - sh 24 - -c 25 - mkdir -p /data/tlsca && cp /config/tlsca/fabric-ca-server-config.yaml /data/tlsca 26 && mkdir -p /data/ca && cp /config/ca/fabric-ca-server-config.yaml /data/ca 27 && fabric-ca-server start --home /data/ca 28 env: 29 - name: LICENSE 30 value: accept 31 - name: FABRIC_CA_HOME 32 value: /data/ca 33 - name: SERVICE_HOST 34 value: ca 35 - name: FABRIC_CA_SERVER_OPERATIONS_TLS_CERT_FILE 36 value: /crypto/ca/operations-cert.pem 37 - name: FABRIC_CA_SERVER_OPERATIONS_TLS_KEY_FILE 38 value: /crypto/ca/operations-key.pem 39 - name: HOST_IP 40 valueFrom: 41 fieldRef: 42 fieldPath: status.hostIP 43 image: "" 44 imagePullPolicy: Always 45 livenessProbe: 46 failureThreshold: 6 47 httpGet: 48 path: /healthz 49 port: operations 50 scheme: HTTPS 51 initialDelaySeconds: 30 52 timeoutSeconds: 5 53 name: ca 54 ports: 55 - containerPort: 7054 56 name: ca 57 - containerPort: 9443 58 name: operations 59 readinessProbe: 60 httpGet: 61 path: /healthz 62 port: operations 63 scheme: HTTPS 64 initialDelaySeconds: 26 65 periodSeconds: 5 66 timeoutSeconds: 5 67 resources: 68 limits: 69 cpu: 2000m 70 ephemeral-storage: 1G 71 memory: 4Gi 72 requests: 73 cpu: 100m 74 ephemeral-storage: 100M 75 memory: 100Mi 76 securityContext: 77 allowPrivilegeEscalation: false 78 capabilities: 79 add: 80 - NET_BIND_SERVICE 81 drop: 82 - ALL 83 privileged: false 84 readOnlyRootFilesystem: false 85 runAsNonRoot: true 86 runAsUser: 7051 87 volumeMounts: 88 - mountPath: /crypto/ca 89 name: ca-crypto 90 - mountPath: /crypto/tlsca 91 name: tlsca-crypto 92 - mountPath: /config/ca 93 name: ca-config 94 - mountPath: /config/tlsca 95 name: tlsca-config 96 hostIPC: false 97 hostNetwork: false 98 hostPID: false 99 initContainers: 100 - command: 101 - sh 102 - -c 103 - mkdir -p /data/db && chmod -R 775 /data/ && chown -R -H 7051:7051 /data/ 104 env: 105 - name: LICENSE 106 value: accept 107 image: "" 108 imagePullPolicy: Always 109 name: init 110 resources: 111 limits: 112 cpu: 200m 113 ephemeral-storage: 1G 114 memory: 400M 115 requests: 116 cpu: 200m 117 ephemeral-storage: 100M 118 memory: 400M 119 securityContext: 120 allowPrivilegeEscalation: false 121 capabilities: 122 add: 123 - CHOWN 124 - FOWNER 125 drop: 126 - ALL 127 privileged: false 128 readOnlyRootFilesystem: false 129 runAsNonRoot: false 130 runAsUser: 0 131 securityContext: 132 fsGroup: 7051 133 runAsNonRoot: true 134 runAsUser: 7051 135 serviceAccountName: sample 136 volumes: 137 - emptyDir: 138 medium: Memory 139 name: shared