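# Source: github.com/IBM-Blockchain/fabric-operator@v1.0.4/testdata/deploy/operatorhsm.yaml
#
# Copyright contributors to the Hyperledger Fabric Operator project
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Deployment of the operator with an HSM client sidecar-style init step:
# an init container copies HSM client files from its image into a shared
# in-memory volume, and the operator container sources the resulting
# /hsm/.env before starting.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: operator
  labels:
    release: "operator"
    app.kubernetes.io/managed-by: "operator"
spec:
  replicas: 1
  strategy:
    type: "Recreate"
  selector:
    matchLabels:
      name: operator
  template:
    metadata:
      labels:
        name: operator
        release: "operator"
        app.kubernetes.io/managed-by: "operator"
    spec:
      hostIPC: false
      hostNetwork: false
      hostPID: false
      serviceAccountName: operator
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      # Pod-level defaults; each container below sets its own securityContext,
      # and container-level fields take precedence over these.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001
        fsGroup: 2000
      imagePullSecrets:
        - name: regcred
      # TODO:OSS remove initcontainers
      initContainers:
        - name: "hsm-client"
          # Referenced by tag, not digest; with imagePullPolicy: Always a
          # re-pushed tag is picked up on the next pod start. Pin by digest
          # (image@sha256:<digest>) where a fixed artifact is required.
          image: "ghcr.io/ibm-blockchain/ibp-pkcs11-proxy/gemalto-client:1.0.3-amd64"
          imagePullPolicy: Always
          # Copies $ENV_FILE to /hsm/.env, sources it, then copies every path
          # listed in $SOURCE to /hsm/<basename>. $TARGET is read into `trgt`
          # but not used by the visible command.
          # NOTE(review): array syntax (`src=(...)`, `${!src[@]}`) and `source`
          # are bash features invoked through `sh -c`; this presumably relies
          # on the image's sh being bash - confirm. Expansions are unquoted, so
          # paths containing whitespace would be word-split.
          command:
            - "sh"
            - "-c"
            - 'cp $ENV_FILE /hsm/.env && source /hsm/.env && src=($SOURCE) && trgt=($TARGET) && for i in ${!src[@]}; do filename=$(basename -- ${src[i]}) dst="/hsm/$filename"; echo "Copying ${src[i]} to ${dst}"; mkdir -p $(dirname $dst); cp -r ${src[i]} $dst; done'
          # NOTE(review): root + privileged + allowPrivilegeEscalation overrides
          # the pod-level non-root defaults. The visible command only copies
          # files into the /hsm volume, which does not by itself appear to need
          # privileged mode; confirm against the image and reduce to least
          # privilege if possible. Privileged containers are rejected by the
          # Pod Security Standards "baseline" and "restricted" profiles.
          securityContext:
            privileged: true
            allowPrivilegeEscalation: true
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            runAsUser: 0
          volumeMounts:
            - name: "hsm-volume"
              mountPath: "/hsm"
          resources:
            requests:
              cpu: 0.1
              memory: "100Mi"
              ephemeral-storage: "100Mi"
            limits:
              cpu: 2
              memory: "4Gi"
              ephemeral-storage: "1Gi"
      containers:
        # NOTE(review): no `image` field is present for this container in the
        # listing; since the file lives under testdata/, it is presumably set
        # by the consumer of this manifest - confirm.
        - name: operator
          # /hsm/.env is produced by the init container from its own image, so
          # its contents are evaluated as shell in the operator container: the
          # HSM client image is trusted to the same degree as the operator.
          command:
            - "sh"
            - "-c"
            - "source /hsm/.env && operator"
          imagePullPolicy: Always
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            # NOTE(review): a writable root filesystem is kept as in the
            # original; confirm whether the operator needs it.
            readOnlyRootFilesystem: false
            # Enforce non-root at container level as well: a container-level
            # value overrides the pod-level runAsNonRoot, and runAsUser 1001
            # already satisfies the check.
            runAsNonRoot: true
            runAsUser: 1001
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
          livenessProbe:
            tcpSocket:
              port: 8383
            initialDelaySeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            tcpSocket:
              port: 8383
            initialDelaySeconds: 10
            timeoutSeconds: 5
            periodSeconds: 5
          volumeMounts:
            - name: "hsm-volume"
              mountPath: "/hsm"
            # Single file from the same volume, exposed at the path the HSM
            # client reads its configuration from; it exists only after the
            # init container has copied it into the volume.
            - name: "hsm-volume"
              mountPath: "/etc/Chrystoki.conf"
              subPath: "Chrystoki.conf"
          env:
            - name: WATCH_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "operator"
            - name: CLUSTERTYPE
              value: K8S
            # Same image reference as the init container above; keep the two
            # in sync when the tag (or a digest) changes.
            - name: HSM_CLIENT_IMAGE
              value: ghcr.io/ibm-blockchain/ibp-pkcs11-proxy/gemalto-client:1.0.3-amd64
          resources:
            requests:
              cpu: 100m
              memory: 200Mi
              ephemeral-storage: 100Mi
            limits:
              cpu: 100m
              memory: 200Mi
              ephemeral-storage: 1Gi
      volumes:
        # tmpfs-backed: HSM client files are not written to node disk and are
        # discarded with the pod. Data stored here is accounted as memory;
        # NOTE(review): no sizeLimit is set - consider bounding it.
        - name: hsm-volume
          emptyDir:
            medium: Memory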