apiVersion: apps/v1 kind: Deployment metadata: name: wireguardctl namespace: vpn labels: platform.edge.ncr.com/component: 'wireguardctl' spec: replicas: 1 selector: matchLabels: platform.edge.ncr.com/component: 'wireguardctl' template: metadata: labels: platform.edge.ncr.com/component: 'wireguardctl' spec: serviceAccountName: wireguardctl automountServiceAccountToken: true nodeSelector: iam.gke.io/gke-metadata-server-enabled: "true" containers: - name: wireguardctl image: bzl://cmd/sds/remoteaccess/wireguardctl:container_push env: - name: VALIDITY_PERIOD value: '30d' resources: limits: cpu: "100m" memory: 100Mi requests: cpu: 10m memory: 50Mi imagePullPolicy: IfNotPresent imagePullSecrets: - name: edge-docker-pull-secret