ansible/roles/openshift-apps/koschei/templates/backend-deployment.yml

# https://docs.openshift.com/container-platform/3.11/rest_api/oapi/v1.DeploymentConfig.html#object-schema
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: {{service}}
  labels:
    service: {{service}}
spec:
  replicas: 1
  selector:
    service: {{service}}
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        service: {{service}}
    spec:
      containers:
      - name: {{service}}
        image: koschei:latest
        command: [/usr/bin/koschei-{{service}}]
        env:
          - name: KRB5_CONFIG
            value: /etc/koschei/krb5.conf
          - name: KRB5_CLIENT_KTNAME
            value: /etc/krb5.keytab
          - name: FEDORA_MESSAGING_CONF
            value: /etc/koschei/fedora-messaging.toml
          - name: WATCHDOG_PATH
            value: /var/tmp/koschei-watchdog
        volumeMounts:
        - name: config
          mountPath: /etc/koschei
          readOnly: true
        - name: keytab
          mountPath: /etc/krb5.keytab
          subPath: krb5.keytab
          readOnly: true
        resources:
          requests:
            cpu: "{{ min_cpu }}m"
            memory: "{{ min_mem }}Mi"
          limits:
            cpu: "{{ max_cpu }}m"
            memory: "{{ max_mem }}Mi"
        readinessProbe:
          initialDelaySeconds: 5
          exec:
            command: ["/bin/bash", "-c", "[[ -e /var/tmp/koschei-watchdog ]]"]
        livenessProbe:
          initialDelaySeconds: 30
          periodSeconds: 5
          exec:
            command: ["/bin/bash", "-c", "(($(stat -c%Y /var/tmp/koschei-watchdog) + {{ koschei_watchdog_timeout }} > $(date +%s)))"]
      volumes:
      - name: config
        secret:
          secretName: backend-config
      - name: keytab
        secret:
          secretName: keytab