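# app-helper manifest template for namespace hsv2.
# The replica count and the image tag are filled in by format placeholders
# before this text is parsed as YAML; keep both placeholders unquoted/unchanged
# and keep literal percent signs out of this file (comments included).

# Identity the app-helper pods run as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-helper-sa
  namespace: hsv2
---
# Read-only access to Deployments (and their status) in hsv2.
# Anything placed in a Deployment spec in this namespace is readable by every
# subject bound to this Role, so credentials must not live in pod templates.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-helper-role
  namespace: hsv2
rules:
  - apiGroups: ["apps"]
    resources: ["deployments", "deployments/status"]
    verbs: ["get", "list", "watch"]
---
# Grants app-helper-role to app-helper-sa only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-helper-rolebinding
  namespace: hsv2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: app-helper-role
subjects:
  - kind: ServiceAccount
    name: app-helper-sa
    namespace: hsv2
---
# Redis credential, moved out of the Deployment's command line so that it is no
# longer exposed to readers of Deployment/ReplicaSet/Pod specs (the Role above
# grants exactly that read access) and is governed by Secret RBAC instead.
# NOTE(review): the literal is kept here only so the manifest stays
# self-contained and behaves as before. It is still stored in this template;
# provision this Secret out of band (or inject the value at deploy time),
# drop this document, and rotate the password, since it has been committed.
apiVersion: v1
kind: Secret
metadata:
  name: app-helper-redis
  namespace: hsv2
type: Opaque
stringData:
  redis-password: "HybridScope0xRed1s."
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-helper-deployment
  namespace: hsv2
spec:
  # Replica count placeholder, substituted before parsing; must stay unquoted
  # so the rendered value is an integer.
  replicas: %d
  selector:
    matchLabels:
      app: app-helper
  template:
    metadata:
      labels:
        app: app-helper
    spec:
      serviceAccountName: app-helper-sa
      # Best-effort spread across nodes; ScheduleAnyway means the constraint
      # never blocks scheduling.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: app-helper
      containers:
        - name: app-helper
          # Image tag placeholder, substituted before parsing.
          # NOTE(review): with IfNotPresent a node keeps whatever it already
          # cached for a tag; pinning by digest would make the image immutable.
          image: hub.yizhisec.com/hsv2/app/helper:%s
          imagePullPolicy: IfNotPresent
          env:
            # Sourced from the Secret so the value never appears in this spec.
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: app-helper-redis
                  key: redis-password
          command:
            - app_helper
            # NOTE(review): debug mode is enabled in the deployed command;
            # confirm this is intended outside development.
            - --debug
            - --redis-host
            - "redis-master.db-redis"
            - --redis-password
            # Kubernetes expands $(VAR) in command/args from the container env.
            # The expanded value is still visible in the process argument list
            # inside the container; if app_helper can read the password from
            # the environment or a file (not visible from this manifest),
            # prefer that over a command-line flag.
            - "$(REDIS_PASSWORD)"
          ports:
            - containerPort: 80
          volumeMounts:
            - name: config-version
              mountPath: /app/version
      volumes:
        - name: config-version
          configMap:
            name: config-version
---
# In-cluster access to the app-helper pods on port 80.
apiVersion: v1
kind: Service
metadata:
  name: app-helper-service
  namespace: hsv2
spec:
  selector:
    app: app-helper
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP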