github.com/IBM-Blockchain/fabric-operator@v1.0.4/definitions/peer/deployment.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 name: ibppeer-deployment 5 spec: 6 replicas: 1 7 selector: {} 8 strategy: 9 type: Recreate 10 template: 11 spec: 12 affinity: 13 nodeAffinity: 14 requiredDuringSchedulingIgnoredDuringExecution: 15 nodeSelectorTerms: 16 - matchExpressions: 17 - key: kubernetes.io/arch 18 operator: In 19 values: 20 - amd64 21 podAntiAffinity: 22 preferredDuringSchedulingIgnoredDuringExecution: 23 - podAffinityTerm: 24 labelSelector: 25 matchExpressions: 26 - key: orgname 27 operator: In 28 values: 29 - "" 30 topologyKey: kubernetes.io/hostname 31 weight: 100 32 containers: 33 - env: 34 - name: LICENSE 35 value: accept 36 image: "" 37 imagePullPolicy: Always 38 livenessProbe: 39 failureThreshold: 6 40 initialDelaySeconds: 30 41 tcpSocket: 42 port: 2375 43 timeoutSeconds: 5 44 name: dind 45 ports: 46 - containerPort: 2375 47 readinessProbe: 48 exec: 49 command: 50 - readiness.sh 51 initialDelaySeconds: 30 52 periodSeconds: 5 53 timeoutSeconds: 5 54 resources: 55 limits: 56 cpu: 500m 57 memory: 1000M 58 requests: 59 cpu: 500m 60 memory: 1000M 61 securityContext: 62 allowPrivilegeEscalation: true 63 capabilities: 64 add: 65 - NET_BIND_SERVICE 66 drop: 67 - ALL 68 privileged: true 69 readOnlyRootFilesystem: false 70 runAsNonRoot: false 71 runAsUser: 0 72 - env: 73 - name: LICENSE 74 value: accept 75 - name: CORE_PEER_LISTENADDRESS 76 value: 0.0.0.0:7051 77 - name: CORE_PEER_CHAINCODELISTENADDRESS 78 value: 0.0.0.0:7052 79 - name: CORE_PEER_MSPCONFIGPATH 80 value: /certs/msp 81 - name: CORE_PEER_FILESYSTEMPATH 82 value: /data/peer/ 83 - name: CORE_PEER_TLS_ENABLED 84 value: "true" 85 - name: CORE_PEER_TLS_CERT_FILE 86 value: /certs/tls/signcerts/cert.pem 87 - name: CORE_PEER_TLS_KEY_FILE 88 value: /certs/tls/keystore/key.pem 89 - name: CORE_PEER_TLS_ROOTCERT_FILE 90 value: /certs/msp/tlscacerts/cacert-0.pem 91 - name: FABRIC_CFG_PATH 92 value: /certs 93 - name: CORE_OPERATIONS_LISTENADDRESS 94 value: 0.0.0.0:9443 95 - name: CORE_OPERATIONS_TLS_ENABLED 96 value: "true" 97 - name: CORE_OPERATIONS_TLS_CERT_FILE 98 value: /certs/tls/signcerts/cert.pem 99 - name: CORE_OPERATIONS_TLS_KEY_FILE 100 value: /certs/tls/keystore/key.pem 101 - name: CORE_OPERATIONS_TLS_CLIENTAUTHREQUIRED 102 value: "false" 103 - name: CORE_OPERATIONS_TLS_CLIENTROOTCAS_FILES 104 value: /certs/msp/tlscacerts/cacert-0.pem 105 image: "" 106 imagePullPolicy: Always 107 livenessProbe: 108 failureThreshold: 6 109 httpGet: 110 path: /healthz 111 port: operations 112 scheme: HTTPS 113 initialDelaySeconds: 30 114 timeoutSeconds: 5 115 name: peer 116 ports: 117 - containerPort: 7051 118 name: peer 119 - containerPort: 7052 120 name: chaincodelisten 121 - containerPort: 9443 122 name: operations 123 readinessProbe: 124 httpGet: 125 path: /healthz 126 port: operations 127 scheme: HTTPS 128 initialDelaySeconds: 26 129 periodSeconds: 5 130 timeoutSeconds: 5 131 resources: 132 limits: 133 cpu: 200m 134 memory: 400M 135 requests: 136 cpu: 200m 137 memory: 400M 138 securityContext: 139 allowPrivilegeEscalation: false 140 capabilities: 141 add: 142 - NET_BIND_SERVICE 143 drop: 144 - ALL 145 privileged: false 146 readOnlyRootFilesystem: false 147 runAsNonRoot: true 148 runAsUser: 7051 149 volumeMounts: 150 - mountPath: /data 151 name: fabric-peer-0 152 subPath: data 153 - mountPath: /certs/msp/cacerts 154 name: ecert-cacerts 155 - mountPath: /certs/msp/signcerts 156 name: ecert-signcert 157 - mountPath: /certs/msp/tlscacerts 158 name: tls-cacerts 159 - mountPath: /certs/tls/keystore 160 name: tls-keystore 161 - mountPath: /certs/tls/signcerts 162 name: tls-signcert 163 - mountPath: /certs 164 name: peer-config 165 - mountPath: /certs/msp 166 name: peer-config 167 - env: 168 - name: LICENSE 169 value: accept 170 - name: BACKEND_ADDRESS 171 value: 127.0.0.1:7051 172 - name: SERVER_TLS_CERT_FILE 173 value: /certs/tls/signcerts/cert.pem 174 - name: SERVER_TLS_KEY_FILE 175 value: /certs/tls/keystore/key.pem 176 - name: SERVER_TLS_CLIENT_CA_FILES 177 value: /certs/msp/tlscacerts/cacert-0.pem 178 - name: SERVER_BIND_ADDRESS 179 value: 0.0.0.0 180 - name: SERVER_HTTP_DEBUG_PORT 181 value: "8080" 182 - name: SERVER_HTTP_TLS_PORT 183 value: "7443" 184 - name: BACKEND_TLS 185 value: "true" 186 - name: SERVER_HTTP_MAX_WRITE_TIMEOUT 187 value: 5m 188 - name: SERVER_HTTP_MAX_READ_TIMEOUT 189 value: 5m 190 - name: USE_WEBSOCKETS 191 value: "true" 192 image: "" 193 imagePullPolicy: Always 194 livenessProbe: 195 failureThreshold: 6 196 tcpSocket: 197 port: 8080 198 initialDelaySeconds: 30 199 timeoutSeconds: 5 200 name: proxy 201 ports: 202 - containerPort: 8080 203 name: http 204 - containerPort: 7443 205 name: https 206 readinessProbe: 207 tcpSocket: 208 port: 8080 209 initialDelaySeconds: 26 210 periodSeconds: 5 211 timeoutSeconds: 5 212 resources: 213 limits: 214 cpu: 100m 215 memory: 200M 216 requests: 217 cpu: 100m 218 memory: 200M 219 securityContext: 220 allowPrivilegeEscalation: false 221 capabilities: 222 add: 223 - NET_BIND_SERVICE 224 drop: 225 - ALL 226 privileged: false 227 readOnlyRootFilesystem: false 228 runAsNonRoot: true 229 runAsUser: 1000 230 volumeMounts: 231 - mountPath: /certs/msp/tlscacerts 232 name: tls-cacerts 233 - mountPath: /certs/tls/signcerts 234 name: tls-signcert 235 - mountPath: /certs/tls/keystore 236 name: tls-keystore 237 - env: 238 - name: LICENSE 239 value: accept 240 image: fluent/fluentd:v1.4-2 241 imagePullPolicy: Always 242 livenessProbe: 243 failureThreshold: 6 244 initialDelaySeconds: 30 245 tcpSocket: 246 port: 9880 247 timeoutSeconds: 5 248 name: chaincode-logs 249 ports: 250 - containerPort: 9880 251 readinessProbe: 252 initialDelaySeconds: 26 253 periodSeconds: 5 254 tcpSocket: 255 port: 9880 256 timeoutSeconds: 5 257 resources: 258 limits: 259 cpu: 100m 260 memory: 200M 261 requests: 262 cpu: 100m 263 memory: 200M 264 securityContext: 265 capabilities: 266 add: 267 - NET_BIND_SERVICE 268 drop: 269 - ALL 270 privileged: false 271 readOnlyRootFilesystem: false 272 runAsNonRoot: true 273 runAsUser: 1000 274 volumeMounts: 275 - mountPath: /fluentd/etc 276 name: fluentd-config 277 hostIPC: false 278 hostNetwork: false 279 hostPID: false 280 initContainers: 281 - env: 282 - name: LICENSE 283 value: accept 284 image: "" 285 imagePullPolicy: Always 286 name: init 287 resources: 288 limits: 289 cpu: 200m 290 memory: 400M 291 requests: 292 cpu: 200m 293 memory: 400M 294 securityContext: 295 allowPrivilegeEscalation: false 296 capabilities: 297 add: 298 - CHOWN 299 - FOWNER 300 drop: 301 - ALL 302 privileged: false 303 readOnlyRootFilesystem: false 304 runAsNonRoot: false 305 runAsUser: 0 306 volumeMounts: 307 - mountPath: /data 308 name: fabric-peer-0 309 subPath: data 310 securityContext: 311 fsGroup: 2000 312 runAsNonRoot: true 313 runAsUser: 1000