apiVersion: apps/v1
kind: Deployment
metadata:
  name: headlamp
  namespace: headlamp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: headlamp
  template:
    metadata:
      labels:
        app: headlamp
    spec:
      serviceAccountName: headlamp-admin
      securityContext:
        runAsNonRoot: true
        runAsUser: 100
        runAsGroup: 101
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: headlamp
          image: ghcr.io/headlamp-k8s/headlamp:v0.42.0
          args:
            - "-in-cluster"
            - "-plugins-dir=/headlamp/plugins"
            - "-kubeconfig=/home/headlamp/.kube/config"
          ports:
            - containerPort: 4466
              name: http
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            readOnlyRootFilesystem: false
          readinessProbe:
            httpGet:
              path: /
              port: 4466
            initialDelaySeconds: 10
            timeoutSeconds: 5
          livenessProbe:
            httpGet:
              path: /
              port: 4466
            initialDelaySeconds: 15
            timeoutSeconds: 5
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              memory: 256Mi
          volumeMounts:
            - name: kubeconfig
              mountPath: /home/headlamp/.kube
              readOnly: true
      volumes:
        - name: kubeconfig
          configMap:
            name: headlamp-kubeconfig
            items:
              - key: kubeconfig
                path: config
      nodeSelector:
        kubernetes.io/os: linux