apiVersion: apps/v1
kind: Deployment
metadata:
  name: pocketid
  labels:
    app.kubernetes.io/name: pocketid
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: pocketid
  template:
    metadata:
      labels:
        app.kubernetes.io/name: pocketid
    spec:
      volumes:
        - name: pocketid-data
          persistentVolumeClaim:
            claimName: pocketid-pvc
      containers:
        - name: pocketid
          image: ghcr.io/pocket-id/pocket-id:v1.6.0
          imagePullPolicy: Always
          ports:
            - containerPort: 1411
          envFrom:
            - configMapRef:
                name: pocketid-config
          volumeMounts:
          - name: pocketid-data
            mountPath: "/app/data"
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          livenessProbe:
            httpGet:
              path: /healthz
              port: 1411
            initialDelaySeconds: 10
            failureThreshold: 3
            periodSeconds: 90
          startupProbe:
            httpGet:
              path: /healthz
              port: 1411
            failureThreshold: 30
            periodSeconds: 10