apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app.kubernetes.io/name: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: app
  template:
    metadata:
      labels:
        app.kubernetes.io/name: app
    spec:
      volumes:
        - name: mountName
          persistentVolumeClaim:
            claimName: app-pvc
      containers:
        - name: containerName
          image: image
          envFrom:
            - configMapRef:
                name: configMap
            - secretRef:
                name: secrets
          ports:
            - containerPort: 1234
              name: http
          volumeMounts:
          - name: mountName
            mountPath: "/"
          livenessProbe:
            exec:
              command:
              - /app/pocket-id
              - healthcheck
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 10
            failureThreshold: 3
            periodSeconds: 90
          startupProbe:
            exec:
              command:
              - /app/pocket-id
              - healthcheck
            httpGet:
              path: /healthz
              port: 8080
            failureThreshold: 30
            periodSeconds: 10
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
      dnsPolicy: "ClusterFirst"
      dnsConfig:
        nameservers:
          - 100.96.226.96