First commit

resources/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: varnish
+  labels:
+    app: varnish
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: varnish
+  template:
+    metadata:
+      labels:
+        app: varnish
+    spec:
+      containers:
+      - name: varnish
+        image: reg.cadoles.com/dh/library/varnish:7.6.1-alpine
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: VARNISH_HTTP_PORT
+          value: "8080"
+        envFrom:
+        - configMapRef:
+            name: varnish-env
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - mountPath: /etc/varnish/default.vcl
+          name: varnish-config
+          subPath: default.vcl
+        - mountPath: /var/lib/varnish/varnishd
+          name: varnish-lib
+        securityContext:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          capabilities:
+            add: [ "IPC_LOCK" ]
+      volumes:
+      - name: varnish-config
+        configMap:
+          name: varnish-config
+          items:
+          - key: default.vcl
+            path: default.vcl
+      - name: varnish-lib
+        emptyDir:
+          sizeLimit: 1Gi
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true

resources/svc.yaml

@@ -0,0 +1,12 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: varnish
+spec:
+  selector:
+    app: varnish
+  ports:
+  - name: varnish-http
+    protocol: TCP
+    port: 8080
+    targetPort: 8080