apiVersion: apps/v1
kind: Deployment
metadata:
  name: buildkitd
  namespace: build
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: buildkitd
  template:
    metadata:
      labels:
        app: buildkitd
    spec:
      # Use host network so buildkitd can push to src.DOMAIN_SUFFIX (Gitea registry
      # via Pingora) without DNS resolution issues. The registry runs on the same
      # node, so host networking routes traffic back to localhost directly.
      hostNetwork: true
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 8.8.8.8
          - 1.1.1.1
      containers:
        - name: buildkitd
          image: moby/buildkit:v0.28.0
          args:
            - --addr
            - tcp://0.0.0.0:1234
          ports:
            - containerPort: 1234
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: "500m"
              memory: "1Gi"
            limits:
              cpu: "4"
              memory: "8Gi"