rossum/anydatacenter/30-policy-demo/prePolicy.tf


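# Deployment will be added before the kyverno policy is created.
# It declares its own topology spread constraint.
# NOTE(review): nothing in this resource orders it ahead of the policy (no
# depends_on here) - presumably the ordering is handled elsewhere; confirm.
resource "kubernetes_deployment" "pre_policy_sleeper" {
  metadata {
    name      = "pre-policy-sleeper"
    namespace = kubernetes_namespace.rossum.metadata[0].name
    labels = {
      "app.kubernetes.io/name"    = "pre-policy-sleeper"
      "app.kubernetes.io/version" = "v3"
    }
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        "app.kubernetes.io/name" = "pre-policy-sleeper"
      }
    }

    template {
      metadata {
        labels = {
          "app.kubernetes.io/name" = "pre-policy-sleeper"
        }
      }

      spec {
        topology_spread_constraint {
          max_skew = 1
          # NOTE(review): the well-known per-node label is "kubernetes.io/hostname";
          # the "topology.kubernetes.io/" prefix is used for zone and region.
          # Unless nodes carry this custom label the constraint likely has no
          # domains to spread over - confirm against the cluster's node labels.
          topology_key = "topology.kubernetes.io/hostname"
          # Soft constraint: the scheduler still places pods when the skew
          # cannot be satisfied.
          when_unsatisfiable = "ScheduleAnyway"
          label_selector {
            match_labels = {
              "app.kubernetes.io/name" = "pre-policy-sleeper"
            }
          }
        }

        container {
          name = "sleepy"
          # NOTE(review): no tag or digest, so this resolves to the mutable
          # "latest" tag and the running image can change between pulls.
          # Prefer an explicit tag plus digest, e.g.
          # "busybox:<PINNED_TAG>@sha256:<DIGEST>" (placeholders).
          image = "busybox"
          command = [
            "sh",
            "-c",
            "while true; do sleep 60; done"
          ]

          # The sleep loop needs no extra privileges, capabilities or writable
          # root filesystem, so remove them from the container.
          security_context {
            allow_privilege_escalation = false
            read_only_root_filesystem  = true
            capabilities {
              drop = ["ALL"]
            }
          }
        }

        # Pod-level identity: a fixed unprivileged UID/GID. run_as_non_root makes
        # the kubelet refuse to start a container that would run as UID 0, so
        # the non-root intent is enforced rather than only configured.
        security_context {
          run_as_user     = 1000
          run_as_group    = 1000
          run_as_non_root = true
        }
      }
    }
  }
}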
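# Same sleeper workload as a Deployment that declares no topology spread
# constraint of its own. Per the lifecycle comment below, the kyverno policy
# injects one when the Deployment is updated.
resource "kubernetes_deployment" "pre_policy_sleeper_without_topology_spread" {
  metadata {
    name      = "pre-policy-sleeper-without-topology-spread"
    namespace = kubernetes_namespace.rossum.metadata[0].name
    labels = {
      "app.kubernetes.io/name"    = "pre-policy-sleeper-without-topology-spread"
      "app.kubernetes.io/version" = "v2"
    }
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        "app.kubernetes.io/name" = "pre-policy-sleeper-without-topology-spread"
      }
    }

    template {
      metadata {
        labels = {
          "app.kubernetes.io/name" = "pre-policy-sleeper-without-topology-spread"
        }
      }

      spec {
        container {
          name = "sleepy"
          # NOTE(review): no tag or digest, so this resolves to the mutable
          # "latest" tag and the running image can change between pulls.
          # Prefer an explicit tag plus digest, e.g.
          # "busybox:<PINNED_TAG>@sha256:<DIGEST>" (placeholders).
          image = "busybox"
          command = [
            "sh",
            "-c",
            "while true; do sleep 60; done"
          ]

          # The sleep loop needs no extra privileges, capabilities or writable
          # root filesystem, so remove them from the container.
          security_context {
            allow_privilege_escalation = false
            read_only_root_filesystem  = true
            capabilities {
              drop = ["ALL"]
            }
          }
        }

        # Pod-level identity: a fixed unprivileged UID/GID. run_as_non_root makes
        # the kubelet refuse to start a container that would run as UID 0, so
        # the non-root intent is enforced rather than only configured.
        security_context {
          run_as_user     = 1000
          run_as_group    = 1000
          run_as_non_root = true
        }
      }
    }
  }

  lifecycle {
    ignore_changes = [
      # Injected by kyverno policy on update. Ignoring the field keeps
      # Terraform from planning to remove the injected constraint.
      # Caveat: Terraform then reports no drift for this field at all, so a
      # change made by anything other than the policy also goes unnoticed;
      # the mutation has to be audited on the cluster side.
      spec[0].template[0].spec[0].topology_spread_constraint
    ]
  }
}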