deploy-gcsbc.yaml

apiVersion: v1
kind: Service
metadata:
  name: asset
  labels:
    app: asset
spec:
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: asset

---

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: asset
  name: asset
spec:
  replicas: 1
  selector:
    matchLabels:
      app: asset
  template:
    metadata:
      labels:
        app: asset
    spec:
      nodeSelector:
        cloud.google.com/gke-nodepool: work-pool
      containers:
      - image: "gcr.io/homin-dev/gcsbc:latest"
        # args: ["-f", "asset" "/bucket/"]
        name: asset
        ports:
          - containerPort: 8080
        env:
          - name: BUCKET_NAME
            value: homin-dev_asset
        volumeMounts:
          - name: sa-key
            subPath: gcsbc-key.json
            mountPath: "/sa-key.json"
            readOnly: true
        securityContext:
          privileged: true
          capabilities:
            add:
              - SYS_ADMIN
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh", "-c", "gcsfuse --implicit-dirs --key-file=/sa-key.json ${BUCKET_NAME} /bucket"]
          preStop:
            exec:
              command: ["/bin/sh", "-c", "fusermount -u ${BUCKET_NAME}"]
      volumes:
        - name: sa-key
          secret:
            secretName: sa-key