---
apiVersion: v1
kind: Namespace
metadata:
  name: cozy-system
  labels:
    pod-security.kubernetes.io/enforce: privileged
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cozystack
  namespace: cozy-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cozystack
  namespace: cozy-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cozystack
subjects:
- kind: ServiceAccount
  name: cozystack
  namespace: cozy-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cozystack
  namespace: cozy-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cozystack
  template:
    metadata:
      labels:
        app: cozystack
    spec:
      hostNetwork: true
      serviceAccountName: cozystack
      containers:
      - name: cozystack
        image: ghcr.io/kvaps/test:cozystack-10
        command: [ "/cozystack-system/reconcile.sh" ]
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
        - name: KUBERNETES_SERVICE_PORT
          value: "7445"
      tolerations:
      - key: "node.kubernetes.io/not-ready"
        operator: "Exists"
        effect: "NoSchedule"