tenant-catalog/kubeflow/apps/pipeline/upstream/base/cache/cache-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cache-server
  labels:
    app: cache-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cache-server
  template:
    metadata:
      labels:
        app: cache-server
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: server
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 0
          capabilities:
            drop:
            - ALL
        image: ghcr.io/kubeflow/kfp-cache-server:dummy
        env:
          - name: DEFAULT_CACHE_STALENESS
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key: DEFAULT_CACHE_STALENESS
          - name: MAXIMUM_CACHE_STALENESS
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key:  MAXIMUM_CACHE_STALENESS
          - name: CACHE_IMAGE
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key: cacheImage
          - name: CACHE_NODE_RESTRICTIONS
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key: cacheNodeRestrictions
          - name: DBCONFIG_DRIVER
            value: mysql
          - name: DBCONFIG_DB_NAME
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key: cacheDb
          - name: DBCONFIG_HOST_NAME
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key: dbHost
          - name: DBCONFIG_PORT
            valueFrom:
              configMapKeyRef:
                name: pipeline-install-config
                key: dbPort
          - name: DBCONFIG_USER
            valueFrom:
              secretKeyRef:
                name: mysql-secret
                key: username
          - name: DBCONFIG_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-secret
                key: password
          - name: NAMESPACE_TO_WATCH
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          # If you update WEBHOOK_PORT, also change the value of the
          # containerPort "webhook-api" to match.
          - name: WEBHOOK_PORT
            value: "8443"
        args: ["--db_driver=$(DBCONFIG_DRIVER)",
               "--db_host=$(DBCONFIG_HOST_NAME)",
               "--db_port=$(DBCONFIG_PORT)",
               "--db_name=$(DBCONFIG_DB_NAME)",
               "--db_user=$(DBCONFIG_USER)",
               "--db_password=$(DBCONFIG_PASSWORD)",
               "--namespace_to_watch=$(NAMESPACE_TO_WATCH)",
               "--listen_port=$(WEBHOOK_PORT)",
              ]
        imagePullPolicy: Always
        ports:
        - containerPort: 8443
          name: webhook-api
        volumeMounts:
        - name: webhook-tls-certs
          mountPath: /etc/webhook/certs
          readOnly: true
      volumes:
      - name: webhook-tls-certs
        secret:
          secretName: webhook-server-tls
      serviceAccountName: kubeflow-pipelines-cache