56 lines
1.1 KiB
HCL
56 lines
1.1 KiB
HCL
resource "kubernetes_deployment" "post_policy_sleeper" {
|
|
metadata {
|
|
name = "post-policy-sleeper"
|
|
namespace = kubernetes_namespace.rossum.metadata[0].name
|
|
labels = {
|
|
"app.kubernetes.io/name" = "post-policy-sleeper"
|
|
"app.kubernetes.io/version" = "v5"
|
|
}
|
|
}
|
|
|
|
spec {
|
|
replicas = 3
|
|
|
|
selector {
|
|
match_labels = {
|
|
"app.kubernetes.io/name" = "post-policy-sleeper"
|
|
}
|
|
}
|
|
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
"app.kubernetes.io/name" = "post-policy-sleeper"
|
|
}
|
|
}
|
|
|
|
spec {
|
|
container {
|
|
name = "sleepy"
|
|
image = "busybox"
|
|
command = [
|
|
"sh",
|
|
"-c",
|
|
"while true; do sleep 60; done"
|
|
]
|
|
}
|
|
|
|
security_context {
|
|
run_as_user = 1000
|
|
run_as_group = 1000
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
# Injected by kyverno policy on create
|
|
spec[0].template[0].spec[0].topology_spread_constraint
|
|
]
|
|
}
|
|
|
|
# Execute after the kyverno policy is in place
|
|
depends_on = [kubernetes_manifest.kyverno_policy_topology_spread]
|
|
}
|