github.com/IBM-Blockchain/fabric-operator@v1.0.4/testdata/deploy/operator.yaml (about) 1 # 2 # Copyright contributors to the Hyperledger Fabric Operator project 3 # 4 # SPDX-License-Identifier: Apache-2.0 5 # 6 # Licensed under the Apache License, Version 2.0 (the "License"); 7 # you may not use this file except in compliance with the License. 8 # You may obtain a copy of the License at: 9 # 10 # http://www.apache.org/licenses/LICENSE-2.0 11 # 12 # Unless required by applicable law or agreed to in writing, software 13 # distributed under the License is distributed on an "AS IS" BASIS, 14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 # See the License for the specific language governing permissions and 16 # limitations under the License. 17 # 18 19 apiVersion: apps/v1 20 kind: Deployment 21 metadata: 22 name: operator 23 labels: 24 release: "operator" 25 spec: 26 replicas: 1 27 strategy: 28 type: "Recreate" 29 selector: 30 matchLabels: 31 name: operator 32 template: 33 metadata: 34 labels: 35 release: "operator" 36 spec: 37 hostIPC: false 38 hostNetwork: false 39 hostPID: false 40 serviceAccountName: operator 41 affinity: 42 nodeAffinity: 43 requiredDuringSchedulingIgnoredDuringExecution: 44 nodeSelectorTerms: 45 - matchExpressions: 46 - key: kubernetes.io/arch 47 operator: In 48 values: 49 - amd64 50 securityContext: 51 runAsNonRoot: true 52 runAsUser: 1001 53 fsGroup: 2000 54 imagePullSecrets: 55 - name: regcred 56 # TODO:OSS remove initcontainers 57 initContainers: 58 - name: "hsm-client" 59 image: "ghcr.io/ibm-blockchain/ibp-pkcs11-proxy/gemalto-client:1.0.3-amd64" 60 imagePullPolicy: Always 61 command: 62 - "sh" 63 - "-c" 64 - 'cp $ENV_FILE /hsm/.env && source /hsm/.env && src=($SOURCE) && trgt=($TARGET) && for i in ${!src[@]}; do filename=$(basename -- ${src[i]}) dst="/hsm/$filename"; echo "Copying ${src[i]} to ${dst}"; mkdir -p $(dirname $dst); cp -r ${src[i]} $dst; done' 65 securityContext: 66 privileged: true 67 allowPrivilegeEscalation: true 68 readOnlyRootFilesystem: false 69 runAsNonRoot: false 70 runAsUser: 0 71 volumeMounts: 72 - name: "hsm-volume" 73 mountPath: "/hsm" 74 resources: 75 requests: 76 cpu: 0.1 77 memory: "100Mi" 78 ephemeral-storage: "100Mi" 79 limits: 80 cpu: 2 81 memory: "4Gi" 82 ephemeral-storage: "1Gi" 83 containers: 84 - name: operator 85 command: 86 - "sh" 87 - "-c" 88 - "source /hsm/.env && operator" 89 imagePullPolicy: Always 90 securityContext: 91 privileged: false 92 allowPrivilegeEscalation: false 93 readOnlyRootFilesystem: false 94 runAsNonRoot: false 95 runAsUser: 1001 96 capabilities: 97 drop: 98 - ALL 99 add: 100 - CHOWN 101 - FOWNER 102 livenessProbe: 103 tcpSocket: 104 port: 8383 105 initialDelaySeconds: 10 106 timeoutSeconds: 5 107 failureThreshold: 5 108 readinessProbe: 109 tcpSocket: 110 port: 8383 111 initialDelaySeconds: 10 112 timeoutSeconds: 5 113 periodSeconds: 5 114 volumeMounts: 115 - name: "hsm-volume" 116 mountPath: "/hsm" 117 - name: "hsm-volume" 118 mountPath: "/etc/Chrystoki.conf" 119 subPath: "Chrystoki.conf" 120 env: 121 - name: WATCH_NAMESPACE 122 valueFrom: 123 fieldRef: 124 fieldPath: metadata.namespace 125 - name: POD_NAME 126 valueFrom: 127 fieldRef: 128 fieldPath: metadata.name 129 - name: OPERATOR_NAME 130 value: "operator" 131 - name: CLUSTERTYPE 132 value: K8S 133 resources: 134 requests: 135 cpu: 100m 136 memory: 200Mi 137 ephemeral-storage: 100Mi 138 limits: 139 cpu: 100m 140 memory: 200Mi 141 ephemeral-storage: 100Mi 142 volumes: 143 - name: hsm-volume 144 emptyDir: 145 medium: Memory