apiVersion: v1 kind: Service metadata: name: vm-example annotations: external-dns.alpha.kubernetes.io/hostname: vm-[namespace].dyn.cloud.e-infra.cz spec: type: LoadBalancer selector: app: vm-example ports: - port: 22 targetPort: 2222 externalTrafficPolicy: Local --- apiVersion: apps/v1 kind: StatefulSet metadata: name: vm-example spec: selector: matchLabels: app: vm-example replicas: 1 serviceName: vm-example template: metadata: labels: app: vm-example spec: terminationGracePeriodSeconds: 5 securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault containers: - name: vm-example image: cerit.io/pub/ssh-base:d10 env: - name: SSH_KEY valueFrom: secretKeyRef: key: ssh-publickey name: ssh-publickey ports: - containerPort: 2222 name: ssh securityContext: privileged: false runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - ALL resources: limits: cpu: "1" memory: "4Gi" ephemeral-storage: "4Gi"