deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubeseal-caddy
  labels:
    app: kubeseal-caddy
spec:
  selector:
    matchLabels:
      app: kubeseal-caddy
  template:
    metadata:
      labels:
        app: kubeseal-caddy
    spec:
      initContainers:
        - name: kubesesal-init-export
          image: ilirbekteshi/kubeseal
          command: ["/bin/sh"]
          args:
            - -c
            - /usr/local/bin/kubeseal --fetch-cert > /www/cert.pem
          volumeMounts:
            - name: www
              mountPath: /www
      containers:
        - name: caddy
          image: caddy/caddy:alpine
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: www
              mountPath: /www
              readOnly: true
            - name: config
              mountPath: /etc/caddy
          livenessProbe:
            httpGet:
              path: /
              port: http
          resources:
              requests:
                memory: "64Mi"
                cpu: "100m"
              limits:
                memory: "128Mi"
                cpu: "200m"
      volumes:
        - name: www
          persistentVolumeClaim:
              claimName: kubeseal-certs
        - name: "config"
          configMap:
            name: "caddy-configmap"