apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-deployment
  namespace: hsv2
spec:
  replicas: %d
  selector:
    matchLabels:
      app: user
  template:
    metadata:
      labels:
        app: user
    spec:
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: user
      containers:
        - name: user
          image: hub.yizhisec.com/hybridscope/user_management:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 9013
          volumeMounts:
            - name: config-volume
              mountPath: /etc/hs_user_management/config.yml
              subPath: config.yml
              readOnly: true
            - name: ssl-client-crt
              mountPath: /etc/hs_user_management/proxy/certs/client.crt
              subPath: client.crt
              readOnly: true
      volumes:
        - name: config-volume
          configMap:
            name: config-user
            items:
              - key: config.yml
                path: config.yml
        - name: ssl-client-crt
          configMap:
            name: ssl-client-crt
            items:
              - key: client.crt
                path: client.crt
---
apiVersion: v1
kind: Service
metadata:
  name: user-service
  namespace: hsv2
spec:
  selector:
    app: user
  ports:
    - protocol: TCP
      port: 9013
      targetPort: 9013
  type: ClusterIP