apiVersion: apps/v1
kind: Deployment
metadata:
  name: bastion
  namespace: lab-infra
  labels:
    app: bastion
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bastion
  template:
    metadata:
      labels:
        app: bastion
    spec:
      hostNetwork: true
      containers:
        - name: bastion
          image: mysources.co.uk/michal/lab-bastion:latest
          command:
            - node
            - src/cli/dist/index.js
            - init
            - bastion
            - standalone
            - start
          envFrom:
            - configMapRef:
                name: bastion-config
          ports:
            - containerPort: 8080
              name: http
          volumeMounts:
            - name: state
              mountPath: /data
            - name: ssh-keys
              mountPath: /root/.ssh
              readOnly: true
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
          livenessProbe:
            httpGet:
              path: /api/machines
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/machines
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: state
          persistentVolumeClaim:
            claimName: bastion-state
        - name: ssh-keys
          hostPath:
            path: /root/.ssh
            type: Directory