github.com/IBM-Blockchain/fabric-operator@v1.0.4/definitions/orderer/deployment.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 name: ibporderer-deployment 5 spec: 6 replicas: 1 7 selector: {} 8 strategy: 9 type: Recreate 10 template: 11 spec: 12 affinity: 13 nodeAffinity: 14 requiredDuringSchedulingIgnoredDuringExecution: 15 nodeSelectorTerms: 16 - matchExpressions: 17 - key: kubernetes.io/arch 18 operator: In 19 values: 20 - amd64 21 podAntiAffinity: 22 preferredDuringSchedulingIgnoredDuringExecution: 23 - podAffinityTerm: 24 labelSelector: 25 matchExpressions: 26 - key: orgname 27 operator: In 28 values: 29 - "" 30 topologyKey: kubernetes.io/hostname 31 weight: 100 32 containers: 33 - env: 34 - name: LICENSE 35 value: accept 36 - name: FABRIC_CFG_PATH 37 value: /certs/ 38 image: "" 39 imagePullPolicy: Always 40 livenessProbe: 41 failureThreshold: 5 42 httpGet: 43 path: /healthz 44 port: operations 45 scheme: HTTPS 46 initialDelaySeconds: 10 47 periodSeconds: 10 48 timeoutSeconds: 5 49 name: orderer 50 ports: 51 - containerPort: 7050 52 name: orderer 53 - containerPort: 8443 54 name: operations 55 - containerPort: 9443 56 name: orderer-admin 57 readinessProbe: 58 failureThreshold: 30 59 httpGet: 60 path: /healthz 61 port: operations 62 scheme: HTTPS 63 initialDelaySeconds: 26 64 periodSeconds: 10 65 resources: 66 limits: 67 cpu: 2000m 68 ephemeral-storage: 1G 69 memory: 4Gi 70 requests: 71 cpu: 100m 72 ephemeral-storage: 100M 73 memory: 100Mi 74 securityContext: 75 allowPrivilegeEscalation: false 76 capabilities: 77 add: 78 - NET_BIND_SERVICE 79 drop: 80 - ALL 81 privileged: false 82 readOnlyRootFilesystem: false 83 runAsNonRoot: true 84 runAsUser: 7051 85 startupProbe: 86 failureThreshold: 30 87 httpGet: 88 path: /healthz 89 port: operations 90 scheme: HTTPS 91 initialDelaySeconds: 0 92 periodSeconds: 10 93 timeoutSeconds: 5 94 volumeMounts: 95 - mountPath: /ordererdata 96 name: orderer-data 97 subPath: data 98 - mountPath: /certs/msp/cacerts 99 name: ecert-cacerts 100 - mountPath: /certs/msp/signcerts 101 name: ecert-signcert 102 - mountPath: /certs/msp/tlscacerts 103 name: tls-cacerts 104 - mountPath: /certs/tls/keystore 105 name: tls-keystore 106 - mountPath: /certs/tls/signcerts 107 name: tls-signcert 108 - mountPath: /certs 109 name: orderer-config 110 - mountPath: /certs/msp 111 name: orderer-config 112 - env: 113 - name: LICENSE 114 value: accept 115 - name: BACKEND_ADDRESS 116 value: 127.0.0.1:7050 117 - name: SERVER_TLS_CERT_FILE 118 value: /certs/tls/signcerts/cert.pem 119 - name: SERVER_TLS_KEY_FILE 120 value: /certs/tls/keystore/key.pem 121 - name: SERVER_TLS_CLIENT_CA_FILES 122 value: /certs/msp/tlscacerts/cacert-0.pem 123 - name: SERVER_BIND_ADDRESS 124 value: 0.0.0.0 125 - name: SERVER_HTTP_DEBUG_PORT 126 value: "8080" 127 - name: SERVER_HTTP_TLS_PORT 128 value: "7443" 129 - name: BACKEND_TLS 130 value: "true" 131 - name: SERVER_HTTP_MAX_WRITE_TIMEOUT 132 value: 5m 133 - name: SERVER_HTTP_MAX_READ_TIMEOUT 134 value: 5m 135 - name: USE_WEBSOCKETS 136 value: "true" 137 image: "" 138 imagePullPolicy: Always 139 livenessProbe: 140 failureThreshold: 6 141 tcpSocket: 142 port: 8080 143 initialDelaySeconds: 30 144 timeoutSeconds: 5 145 name: proxy 146 ports: 147 - containerPort: 8080 148 name: http 149 - containerPort: 7443 150 name: https 151 readinessProbe: 152 tcpSocket: 153 port: 8080 154 initialDelaySeconds: 26 155 periodSeconds: 5 156 timeoutSeconds: 5 157 resources: 158 limits: 159 cpu: 2000m 160 ephemeral-storage: 1G 161 memory: 4Gi 162 requests: 163 cpu: 100m 164 ephemeral-storage: 100M 165 memory: 100Mi 166 securityContext: 167 capabilities: 168 add: 169 - NET_BIND_SERVICE 170 drop: 171 - ALL 172 privileged: false 173 readOnlyRootFilesystem: false 174 runAsNonRoot: true 175 runAsUser: 1000 176 volumeMounts: 177 - mountPath: /certs/msp/tlscacerts 178 name: tls-cacerts 179 - mountPath: /certs/tls/keystore 180 name: tls-keystore 181 - mountPath: /certs/tls/signcerts 182 name: tls-signcert 183 hostIPC: false 184 hostNetwork: false 185 hostPID: false 186 initContainers: 187 - command: 188 - sh 189 - -c 190 - chmod -R 775 /ordererdata/ && chown -R -H 7051:7051 /ordererdata/ 191 env: 192 - name: LICENSE 193 value: accept 194 image: "" 195 imagePullPolicy: Always 196 name: init 197 resources: 198 limits: 199 cpu: 200m 200 ephemeral-storage: 1G 201 memory: 400M 202 requests: 203 cpu: 200m 204 ephemeral-storage: 100M 205 memory: 400M 206 securityContext: 207 allowPrivilegeEscalation: false 208 capabilities: 209 add: 210 - CHOWN 211 - FOWNER 212 drop: 213 - ALL 214 privileged: false 215 readOnlyRootFilesystem: false 216 runAsNonRoot: false 217 runAsUser: 0 218 volumeMounts: 219 - mountPath: /ordererdata 220 name: orderer-data 221 subPath: data 222 securityContext: 223 fsGroup: 2000 224 runAsNonRoot: true 225 runAsUser: 1000 226 serviceAccountName: sample