apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: buildkitd
  name: buildkitd
spec:
  replicas: 1
  selector:
    matchLabels:
      app: buildkitd
  template:
    metadata:
      labels:
        app: buildkitd
    spec:
      containers:
      - name: buildkitd
        image: moby/buildkit:master
        args:
        - --addr
        - unix:///run/buildkit/buildkitd.sock
        - --addr
        - tcp://0.0.0.0:1234
        - --tlscacert
        - /certs/ca.pem
        - --tlscert
        - /certs/cert.pem
        - --tlskey
        - /certs/key.pem
# the probe below will only work after Release v0.6.3
        readinessProbe:
          exec:
            command:
            - buildctl 
            - debug 
            - workers
          initialDelaySeconds: 5
          periodSeconds: 30
# the probe below will only work after Release v0.6.3
        livenessProbe:
          exec:
            command:
            - buildctl 
            - debug 
            - workers
          initialDelaySeconds: 5
          periodSeconds: 30
        securityContext:
          privileged: true
        ports:
        - containerPort: 1234
        volumeMounts:
        - name: certs
          readOnly: true
          mountPath: /certs
      volumes:
# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
      - name: certs
        secret:
          secretName: buildkit-daemon-certs
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: buildkitd
  name: buildkitd
spec:
  ports:
  - port: 1234
    protocol: TCP
  selector:
    app: buildkitd