---
# Deployment for the single-replica "bastion" service in the lab-infra namespace.
# The pod runs in the node's network namespace, holds extra network
# capabilities, and mounts the node's /root/.ssh, so it should be reviewed as a
# node-privileged workload rather than an ordinary application pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bastion
  namespace: lab-infra
  labels:
    app: bastion
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one, so two copies never
  # overlap on the host port or the state volume.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: bastion
  template:
    metadata:
      labels:
        app: bastion
    spec:
      imagePullSecrets:
        - name: gitea-registry
      # hostNetwork puts the container in the node's network namespace: port
      # 8080 is bound on the node's own interfaces, and NetworkPolicy generally
      # does not apply to host-network pods. Exposure has to be limited at the
      # node firewall or by the listen address in the application config.
      hostNetwork: true
      # Required for a hostNetwork pod to keep resolving cluster service names.
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        options:
          # ndots=1: any name containing a dot is tried as absolute first.
          - name: ndots
            value: "1"
      # NOTE(review): no nodeSelector or affinity is set, so the pod (and the
      # hostPath mount below) can land on any schedulable node. Confirm that is
      # intended.
      containers:
        - name: bastion
          # Mutable tag plus Always pull: every restart runs whatever ":latest"
          # points to at that moment. Pinning to an image digest makes the
          # running code auditable and the rollout reproducible.
          image: mysources.co.uk/michal/lab/bastion:latest
          imagePullPolicy: Always
          command:
            - node
            - src/cli/dist/index.js
            - init
            - bastion
            - standalone
            - start
            - '--foreground'
          envFrom:
            - configMapRef:
                name: bastion-config
          env:
            # The join token comes from a Secret rather than the ConfigMap. It
            # is still visible in the process environment inside the container.
            - name: BASTION_JOIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: bastion-join-token
                  key: token
          ports:
            - name: http
              containerPort: 8080
          volumeMounts:
            - name: state
              mountPath: /data
            # Read-only stops the container from modifying the node's SSH
            # directory, but it can still read every file in it.
            - name: ssh-keys
              mountPath: /root/.ssh
              readOnly: true
          securityContext:
            # In the host network namespace, NET_ADMIN allows changing the
            # node's interfaces, routes and firewall rules, and NET_RAW allows
            # raw sockets on the node's interfaces.
            # NOTE(review): no runAsUser, allowPrivilegeEscalation or
            # capability drop is set, so the image defaults apply. The
            # /root/.ssh mount path suggests the process runs as root - confirm.
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
          # NOTE(review): no resources requests/limits are declared.
          # All three probes issue a plain GET to /api/machines with no
          # headers, so that endpoint has to answer without credentials.
          # NOTE(review): with hostNetwork the same endpoint is reachable on
          # the node's address - confirm what it returns to an
          # unauthenticated caller.
          startupProbe:
            # 60 failures x 10 s: up to 10 minutes allowed for first start.
            httpGet:
              path: /api/machines
              port: 8080
            periodSeconds: 10
            failureThreshold: 60
          livenessProbe:
            httpGet:
              path: /api/machines
              port: 8080
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/machines
              port: 8080
            periodSeconds: 10
      volumes:
        - name: state
          persistentVolumeClaim:
            claimName: bastion-state
        # Mounts the node's own /root/.ssh into the pod. "type: Directory"
        # makes the pod fail to start if the path is missing on the node.
        # The key material available to the pod is whatever the scheduled
        # node holds; a dedicated key delivered as a Secret would decouple
        # the pod from the node's root credentials.
        - name: ssh-keys
          hostPath:
            path: /root/.ssh
            type: Directory