apiVersion: apps/v1
kind: Deployment
metadata:
  name: khalisio
  namespace: apps
  labels:
    app: khalisio
spec:
  replicas: 2
  selector:
    matchLabels:
      app: khalisio
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: khalisio
    spec:
      containers:
        - name: web
          image: ghcr.io/richard-callis/portfolio:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8080
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 100m
              memory: 64Mi
          readinessProbe:
            httpGet: { path: /, port: http }
            initialDelaySeconds: 2
            periodSeconds: 5
          livenessProbe:
            httpGet: { path: /, port: http }
            initialDelaySeconds: 5
            periodSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 101
            capabilities:
              drop: ["ALL"]