apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: ssh-bastion
  name: ssh-bastion
  namespace: byoh-ssh-bastion
spec:
  replicas: 1
  selector:
    matchLabels:
      run: ssh-bastion
  template:
    metadata:
      labels:
        run: ssh-bastion
    spec:
      serviceAccountName: "ssh-bastion"
      containers:
      - image: quay.io/eparis/ssh:latest
        imagePullPolicy: Always
        name: ssh-bastion
        securityContext:
          privileged: true
        ports:
        - containerPort: 22
          name: ssh
          protocol: TCP
        volumeMounts:
        - name: ssh-host-keys
          mountPath: "/etc/ssh/"
          readOnly: true
      volumes:
      - name: ssh-host-keys
        secret:
          secretName: ssh-host-keys
          items:
          - key: ssh_host_rsa_key
            path: ssh_host_rsa_key
            mode: 256
          - key: sshd_config
            path: sshd_config
      restartPolicy: Always