apiVersion: apps/v1
kind: Deployment
metadata:
  name: rainbow
  labels:
    app: rainbow
spec:
  replicas: 4
  selector:
    matchLabels:
      app: rainbow
  template:
    metadata:
      labels:
        app: rainbow
    spec:
      # Only one pod per node
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - rainbow
            topologyKey: "kubernetes.io/hostname"
      # Move to other nodes fast
      tolerations:
      - key: "node.kubernetes.io/unreachable"
        operator: "Exists"
        effect: "NoExecute"
        tolerationSeconds: 5
      - key: "node.kubernetes.io/not-ready"
        operator: "Exists"
        effect: "NoExecute"
        tolerationSeconds: 5
      containers:
      - name: rainbow
        image: sealsystems/rainbow
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /sys
          name: sys-volume
      volumes:
      - name: sys-volume
        hostPath:
          path: /sys