apiVersion: apps/v1 kind: Deployment metadata: namespace: {{ deploy.namespace }} name: stream-lb-{{ deploy.stream }} labels: app: nginx type: stream-lb stream: {{ deploy.stream }} spec: replicas: 1 selector: matchLabels: app: nginx type: stream-lb stream: {{ deploy.stream }} strategy: type: Recreate revisionHistoryLimit: 5 template: metadata: labels: app: nginx type: stream-lb stream: {{ deploy.stream }} spec: nodeName: {{ desc.streams[deploy.stream]['lb-worker'] }} securityContext: runAsUser: 998 fsGroup: 998 hostNetwork: true dnsPolicy: ClusterFirstWithHostNet initContainers: - name: copy-certificates image: busybox command: ['sh', '-c', 'chmod 0750 /srv/acme && cp /var/lib/acme/live/{{ desc.streams[deploy.stream]['lb-hostname'] }}/* /srv/acme && chown -R 998 /srv/acme'] securityContext: runAsUser: 0 volumeMounts: - name: nginx-cert mountPath: /srv/acme - name: acme-lib mountPath: /var/lib/acme containers: - name: nginx image: spreadspace/nginx-streaming:{{ desc.globals.deployment.parameter.nginx_image_version }} imagePullPolicy: Always args: - nginx - -c - /srv/config/nginx.conf - -g - "daemon off;" volumeMounts: - name: home mountPath: /srv - name: nginx-lib mountPath: /var/lib/nginx - name: nginx-config mountPath: /srv/config - name: www mountPath: /srv/www - name: nginx-cert mountPath: /srv/acme volumes: - name: home emptyDir: medium: Memory - name: nginx-lib emptyDir: medium: Memory - name: nginx-config configMap: name: stream-lb-{{ deploy.stream }} - name: www emptyDir: medium: Memory - name: nginx-cert emptyDir: medium: Memory - name: acme-lib hostPath: type: Directory path: /var/lib/acme readOnly: yes