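# Test fixtures: two long-running "sleeper" Deployments that, per the original
# comments, are created before the Kyverno policy exists. The first declares its
# own topology spread constraint; the second declares none and tolerates the one
# the policy injects later.
#
# Hardening applied to both pod templates: the pod already ran as UID/GID 1000,
# but nothing enforced that, and the container kept the runtime's default
# capabilities and the ability to gain privileges. The template now sets
# run_as_non_root, drops all capabilities, forbids privilege escalation and
# mounts the root filesystem read-only (the sleep loop writes nothing).

# Deployment will be added before the kyverno policy is created
resource "kubernetes_deployment" "pre_policy_sleeper" {
  metadata {
    name      = "pre-policy-sleeper"
    namespace = kubernetes_namespace.rossum.metadata[0].name
    labels = {
      "app.kubernetes.io/name"    = "pre-policy-sleeper"
      "app.kubernetes.io/version" = "v3"
    }
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        "app.kubernetes.io/name" = "pre-policy-sleeper"
      }
    }

    template {
      metadata {
        labels = {
          "app.kubernetes.io/name" = "pre-policy-sleeper"
        }
      }

      spec {
        topology_spread_constraint {
          max_skew = 1
          # NOTE(review): the well-known node labels are "kubernetes.io/hostname"
          # and "topology.kubernetes.io/zone" / "topology.kubernetes.io/region".
          # Confirm nodes really carry "topology.kubernetes.io/hostname"; if they
          # do not, this constraint has no topology domains to spread across.
          # Left unchanged because the fixture may rely on this exact key.
          topology_key       = "topology.kubernetes.io/hostname"
          when_unsatisfiable = "ScheduleAnyway"

          label_selector {
            match_labels = {
              "app.kubernetes.io/name" = "pre-policy-sleeper"
            }
          }
        }

        container {
          name = "sleepy"
          # NOTE(review): no tag or digest, so this resolves to the mutable
          # ":latest" and is re-pulled on every pod start. Pin it to a tag or
          # digest the project has vetted.
          image   = "busybox"
          command = ["sh", "-c", "while true; do sleep 60; done"]

          # Container-level restrictions; the loop needs no capabilities and
          # never writes to its root filesystem.
          security_context {
            allow_privilege_escalation = false
            read_only_root_filesystem  = true

            capabilities {
              drop = ["ALL"]
            }
          }
        }

        # Pod-level identity. run_as_non_root makes the kubelet refuse to start
        # the container if it would run as UID 0.
        security_context {
          run_as_non_root = true
          run_as_user     = 1000
          run_as_group    = 1000
        }
      }
    }
  }
}

# Same workload as above, but without a topology spread constraint of its own.
resource "kubernetes_deployment" "pre_policy_sleeper_without_topology_spread" {
  metadata {
    name      = "pre-policy-sleeper-without-topology-spread"
    namespace = kubernetes_namespace.rossum.metadata[0].name
    labels = {
      "app.kubernetes.io/name"    = "pre-policy-sleeper-without-topology-spread"
      "app.kubernetes.io/version" = "v2"
    }
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        "app.kubernetes.io/name" = "pre-policy-sleeper-without-topology-spread"
      }
    }

    template {
      metadata {
        labels = {
          "app.kubernetes.io/name" = "pre-policy-sleeper-without-topology-spread"
        }
      }

      spec {
        container {
          name = "sleepy"
          # NOTE(review): no tag or digest, so this resolves to the mutable
          # ":latest" and is re-pulled on every pod start. Pin it to a tag or
          # digest the project has vetted.
          image   = "busybox"
          command = ["sh", "-c", "while true; do sleep 60; done"]

          # Container-level restrictions; the loop needs no capabilities and
          # never writes to its root filesystem.
          security_context {
            allow_privilege_escalation = false
            read_only_root_filesystem  = true

            capabilities {
              drop = ["ALL"]
            }
          }
        }

        # Pod-level identity. run_as_non_root makes the kubelet refuse to start
        # the container if it would run as UID 0.
        security_context {
          run_as_non_root = true
          run_as_user     = 1000
          run_as_group    = 1000
        }
      }
    }
  }

  lifecycle {
    # Only the topology spread constraint is ignored, so Terraform does not
    # revert the policy's mutation. Every other template field, including the
    # security contexts, is still reconciled and drift on them is corrected.
    ignore_changes = [
      # Injected by kyverno policy on update
      spec[0].template[0].spec[0].topology_spread_constraint
    ]
  }
}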