apiVersion: apps/v1
kind: Deployment
metadata:
  name: techaro-lol
  annotations:
    operator.1password.io/auto-restart: "true"
spec:
  replicas: 1
  template:
    spec:
      securityContext:
        fsGroup: 1000
      volumes:
        - name: temp
          persistentVolumeClaim:
            claimName: techaro-lol-temp
      containers:
        - name: main
          image: ghcr.io/xe/techaro-lol:latest
          imagePullPolicy: "Always"
          resources:
            limits:
              cpu: "2"
              memory: "1Gi"
            requests:
              cpu: "500m"
              memory: "512Mi"
          envFrom:
            - secretRef:
                name: techaro-lol
          volumeMounts:
            - name: temp
              mountPath: /app/.next/cache
              subPath: "cache"
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          livenessProbe:
            httpGet:
              path: /_healthz
              port: 3000
              httpHeaders:
                - name: user-agent
                  value: "healthz"
            initialDelaySeconds: 3
            periodSeconds: 3