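---
# Deployment template for a single-container HTTP workload.
# Template variables: site_k8s, namespace, replicas, image, port, health_path.
# String-valued variables are quoted so that an empty, numeric-looking or
# boolean-looking expansion still renders as a YAML string; `replicas` and
# `port` are left unquoted because the API expects integers there.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ site_k8s }}"
  namespace: "{{ namespace }}"
  labels:
    app: "{{ site_k8s }}"
spec:
  # Must render to an integer.
  replicas: {{ replicas }}
  # Recreate terminates the existing pods before new ones are started, so a
  # rollout includes a window with no pod serving traffic.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: "{{ site_k8s }}"
  template:
    metadata:
      labels:
        app: "{{ site_k8s }}"
    spec:
      # NOTE(review): no serviceAccountName or automountServiceAccountToken is
      # set, so the namespace's default service account token is mounted. If
      # the workload never calls the Kubernetes API, consider disabling the
      # automount.
      # Pod-level hardening: every container runs as the unprivileged
      # UID/GID 65532 under the runtime's default seccomp profile.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
        runAsGroup: 65532
        fsGroup: 65532
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: "{{ site_k8s }}"
          # NOTE(review): `:latest` is a mutable tag. Combined with
          # IfNotPresent, a node that already has an image cached under this
          # tag keeps running it, so nodes can diverge and the running image
          # cannot be traced to a specific build. Prefer an immutable version
          # tag or digest supplied by the template.
          image: "{{ image }}:latest"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              # Must render to an integer.
              containerPort: {{ port }}
          # Memory is capped; no CPU limit is set, only a CPU request.
          resources:
            requests:
              memory: 64Mi
              cpu: 50m
            limits:
              memory: 256Mi
          # Both probes hit the same path on the named `http` port. Block
          # style avoids nesting a `{{ ... }}` expression inside a YAML flow
          # mapping.
          livenessProbe:
            httpGet:
              path: "{{ health_path }}"
              port: http
            periodSeconds: 30
            timeoutSeconds: 3
          readinessProbe:
            httpGet:
              path: "{{ health_path }}"
              port: http
            periodSeconds: 10
            timeoutSeconds: 3
          # Container-level hardening: no privilege escalation, immutable root
          # filesystem, all Linux capabilities dropped. No writable volume is
          # declared here, so the process cannot write anywhere on disk.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL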