apiVersion: apps/v1
kind: Deployment
metadata:
  name: insurance-web
  namespace: insurance
  labels:
    app.kubernetes.io/name: insurance-web
    app.kubernetes.io/component: frontend
spec:
  replicas: 2
  revisionHistoryLimit: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: insurance-web
  template:
    metadata:
      labels:
        app.kubernetes.io/name: insurance-web
      annotations:
        kubectl.kubernetes.io/restartedAt: "placeholder-will-be-patched-by-ci"
    spec:
      imagePullSecrets:
        - name: gitea-registry
      containers:
        - name: web
          image: git.junggomoa.com/chpark/insurance:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 3
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 15
            periodSeconds: 20
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 300m
              memory: 256Mi
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: false
            capabilities:
              drop: ["ALL"]
              add: ["CHOWN", "SETGID", "SETUID", "NET_BIND_SERVICE"]