apiVersion: v1
kind: Service
metadata:
  name: fleetlock
  labels:
    app.kubernetes.io/name: fleetlock
    app.kubernetes.io/component: fleetlock
    app.kubernetes.io/part-of: fleetlock
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: fleetlock
    app.kubernetes.io/component: fleetlock
  ports:
  - name: http
    port: 80
    targetPort: 8080

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fleetlock
  labels:
    app.kubernetes.io/name: fleetlock
    app.kubernetes.io/component: fleetlock
    app.kubernetes.io/part-of: fleetlock
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: fleetlock
      app.kubernetes.io/component: fleetlock
  template:
    metadata:
      labels:
        app.kubernetes.io/name: fleetlock
        app.kubernetes.io/component: fleetlock
        app.kubernetes.io/part-of: fleetlock
    spec:
      serviceAccountName: fleetlock
      containers:
      - name: fleetlock
        image: quay.io/poseidon/fleetlock:v0.4.0
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: http
          containerPort: 8080
        readinessProbe: &probe
          httpGet:
            port: 8080
            path: /-/healthy
          periodSeconds: 60
          timeoutSeconds: 5
          failureThreshold: 3
          successThreshold: 1
        startupProbe:
          <<: *probe
          periodSeconds: 1
          timeoutSeconds: 1
          failureThreshold: 30
        resources:
          requests:
            cpu: 30m
            memory: 30Mi
          limits:
            cpu: 50m
            memory: 50Mi
        securityContext:
          readOnlyRootFilesystem: true
      securityContext:
        runAsUser: 842
        runAsGroup: 842
        runAsNonRoot: true