apiVersion: apps/v1 kind: Deployment metadata: namespace: emc name: stream-site-public-onion labels: app: nginx type: stream-site stream: public-onion spec: replicas: 1 selector: matchLabels: app: nginx type: stream-site stream: public-onion strategy: type: Recreate revisionHistoryLimit: 5 template: metadata: labels: app: nginx type: stream-site stream: public-onion spec: nodeName: emc-00 securityContext: runAsUser: 998 fsGroup: 998 initContainers: - name: prepare-onion image: busybox command: ['sh', '-c', 'mkdir /srv/onion_service && cp /secrets/onion_service/* /srv/onion_service && chown -R 998:998 /var/lib/tor /srv/onion_service && chmod 0750 /var/lib/tor && chmod 0700 /srv/onion_service'] securityContext: runAsUser: 0 volumeMounts: - name: home mountPath: /srv - name: onion-lib mountPath: /var/lib/tor - name: onion-service mountPath: /secrets/onion_service/ containers: - name: nginx image: spreadspace/nginx-streaming:4 imagePullPolicy: Always args: - nginx - -c - /srv/config/nginx.conf - -g - "daemon off;" volumeMounts: - name: home mountPath: /srv - name: nginx-lib mountPath: /var/lib/nginx - name: config mountPath: /srv/config - name: www mountPath: /srv/www - name: onion-service image: spreadspace/onion-service:master-23 imagePullPolicy: Always args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ] volumeMounts: - name: home mountPath: /srv - name: onion-lib mountPath: /var/lib/tor - name: config mountPath: /srv/config volumes: - name: home emptyDir: medium: Memory - name: onion-lib emptyDir: medium: Memory - name: nginx-lib emptyDir: medium: Memory - name: config configMap: name: stream-site-public-onion - name: www hostPath: type: Directory path: /srv/www/emc18 - name: onion-service secret: secretName: stream-site-public-onion