plugin-barman-cloud/kubernetes/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: barman-cloud
  name: barman-cloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: barman-cloud
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: barman-cloud
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: plugin-barman-cloud
      containers:
      - image: plugin-barman-cloud:latest
        name: barman-cloud
        ports:
        - containerPort: 9090
          protocol: TCP
        - containerPort: 6060
          protocol: TCP
          name: "pprof"
        env:
        - name: SIDECAR_IMAGE
          valueFrom:
            secretKeyRef:
              key: SIDECAR_IMAGE
              name: plugin-barman-cloud
        args:
        - operator
        - --server-cert=/server/tls.crt
        - --server-key=/server/tls.key
        - --client-cert=/client/tls.crt
        - --server-address=:9090
        - --leader-elect
        - --log-level=debug
        readinessProbe:
          tcpSocket:
            port: 9090
          initialDelaySeconds: 10
          periodSeconds: 10
        volumeMounts:
        - mountPath: /server
          name: server
        - mountPath: /client
          name: client
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 10001
          runAsUser: 10001
          seccompProfile:
            type: RuntimeDefault
      volumes:
      - name: server
        secret:
          secretName: barman-cloud-server-tls
      - name: client
        secret:
          secretName: barman-cloud-client-tls