apiVersion: apps/v1
kind: Deployment
metadata:
  name: firewallctl
  labels:
    platform.edge.ncr.com/component: firewallctl
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: firewallctl
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: firewallctl
    spec:
      serviceAccountName: firewallctl
      priorityClassName: edge-p5-non-critical-infra
      containers:
      - name: firewallctl
        image: bzl://cmd/sds/firewallctl:container_push
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 2102
          seccompProfile:
            type: RuntimeDefault
      imagePullSecrets:
      - name: edge-docker-pull-secret
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: node.ncr.com/class
                operator: In
                values:
                - server
            weight: 100
  strategy:
    type: RollingUpdate